HTTP request smuggling vulnerability in Apache Tomcat ‘has been present since 2015’

Open source web container now patched against 6-12 months-old bug

An HTTP request smuggling vulnerability in Apache Tomcat has been present “since at least 2015”, the project maintainers have warned.

Apache Tomcat is an open source Java servlet container which is maintained by the Apache Software Foundation.

In release notes posted online (insecure URL), maintainers of Tomcat revealed that the vulnerability was discovered in several versions of the software.

“Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy,” it reads.

“Specifically: Tomcat incorrectly ignored the transfer-encoding header if the client declared it would only accept an HTTP/1. response; Tomcat honoured the identify encoding; and Tomcat did not ensure that, if present, the chunked encoding was the final encoding.”
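
The parsing rules named in the release notes can be expressed as a strict framing check that a reverse proxy, a request filter, or a regression test could apply. The sketch below is an added example, not Tomcat's code or its patch; the function names, the verdict strings, the policy of rejecting a request that carries both headers, and the sample header sets are all assumptions of this example.

```python
# Added example (not Tomcat's code): strict request-framing check.
# The verdict never depends on the request's declared HTTP version.

def parse_codings(te_values):
    """Flatten repeated Transfer-Encoding headers into ordered coding names."""
    codings = []
    for value in te_values:
        for item in value.split(","):
            name = item.split(";", 1)[0].strip().lower()  # drop parameters
            if name:
                codings.append(name)
    return codings

def classify_framing(headers):
    """headers: list of (name, value). Returns (verdict, reason)."""
    te = [v for n, v in headers if n.lower() == "transfer-encoding"]
    cl = [v.strip() for n, v in headers if n.lower() == "content-length"]
    if te:
        codings = parse_codings(te)
        if not codings:
            return ("reject", "empty Transfer-Encoding")
        if "identity" in codings:
            return ("reject", "identity coding is not accepted")
        if codings.count("chunked") != 1 or codings[-1] != "chunked":
            return ("reject", "chunked must appear once, as the final coding")
        if cl:
            # Policy of this example: refuse rather than pick one header.
            return ("reject", "both Transfer-Encoding and Content-Length")
        return ("chunked", "body is chunk-delimited")
    if cl:
        if len(set(cl)) != 1 or not (cl[0].isascii() and cl[0].isdigit()):
            return ("reject", "conflicting or malformed Content-Length")
        return ("content-length", "body is %s bytes" % cl[0])
    return ("no-body", "no framing headers")

# Constructed sample header sets (not taken from the release notes).
SAMPLES = [
    [("Transfer-Encoding", "chunked")],
    [("Transfer-Encoding", "identity")],
    [("Transfer-Encoding", "chunked, gzip")],
    [("Transfer-Encoding", "gzip"), ("Transfer-Encoding", "chunked")],
    [("Transfer-Encoding", "chunked"), ("Content-Length", "5")],
]

if __name__ == "__main__":
    for hdrs in SAMPLES:
        print(hdrs, "->", classify_framing(hdrs))
```

Request smuggling depends on the proxy and the back end disagreeing about where a body ends, so the same strict rules need to hold on both sides of the hop.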
