Vulnerability-Lookup

WID-SEC-W-2023-2130

Vulnerability from csaf_certbund - Published: 2020-02-25 23:00 - Updated: 2023-09-27 22:00

Summary

Apache Tomcat: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um Dateien zu manipulieren und Informationen offenzulegen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2019-17569

Es existiert eine Schwachstelle in Apache Tomcat. Wenn Tomcat hinter einem Reverse-Proxy steht, der einen ungültigen Transfer-Encoding-Header auf eine bestimmte Art und Weise falsch behandelt, besteht die Möglichkeit des HTTP-Request-Smuggling Angriffs. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren.

CVE-2020-1935

Es existiert eine Schwachstelle in Apache Tomcat. Durch eine unsachgemäße Behandlung von HTTP-Headern im Zeilenende-Parsing, werden unter bestimmten Umständen ungültige HTTP-Header als gültig erkannt. Wenn Tomcat hinter einem Reverse-Proxy steht, besteht die Möglichkeit des HTTP-Request-Smuggling Angriffs. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren.

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-202…	external
	https://alas.aws.amazon.com/AL2/ALAS-2023-2216.html	external
	https://lists.apache.org/thread.html/r127f76181ac…	external
	https://lists.apache.org/thread.html/r88def002c5c…	external
	https://www.suse.com/support/update/announcement/…	external
	https://lists.debian.org/debian-lts-announce/2020…	external
	https://www.suse.com/support/update/announcement/…	external
	https://www.suse.com/support/update/announcement/…	external
	https://downloads.avaya.com/css/P8/documents/101065046	external
	https://access.redhat.com/errata/RHSA-2020:1521	external
	https://www.debian.org/security/2020/dsa-4673	external
	https://security-tracker.debian.org/tracker/DSA-4680-1	external
	https://downloads.avaya.com/css/P8/documents/101066935	external
	https://lists.debian.org/debian-lts-announce/2020…	external
	https://www.suse.com/support/update/announcement/…	external
	https://www.suse.com/support/update/announcement/…	external
	https://access.redhat.com/errata/RHSA-2021:1030	external
	https://access.redhat.com/errata/RHSA-2020:3303	external
	https://access.redhat.com/errata/RHSA-2020:3305	external
	https://usn.ubuntu.com/4448-1/	external
	http://lists.suse.com/pipermail/sle-security-upda…	external
	https://support.hpe.com/hpesc/public/docDisplay?d…	external
	https://access.redhat.com/errata/RHSA-2020:5020	external
	https://linux.oracle.com/errata/ELSA-2020-5020.html	external
	http://centos-announce.2309468.n4.nabble.com/Cent…	external
	https://access.redhat.com/errata/RHSA-2021:0882	external
	https://access.redhat.com/errata/RHSA-2021:3140	external
	https://www.dell.com/support/kbdoc/de-de/00018969…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um Dateien zu manipulieren und Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2130 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2130.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2130 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2130"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASTOMCAT8.5-2023-012 vom 2023-09-27",
        "url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-012.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2216 vom 2023-08-23",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2216.html"
      },
      {
        "category": "external",
        "summary": "Apache Tomcat Security Advisory vom 2020-02-25",
        "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"
      },
      {
        "category": "external",
        "summary": "Apache Tomcat Security Advisory vom 2020-02-25",
        "url": "https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0598-1 vom 2020-03-06",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200598-1.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA 2133 vom 2020-03-05",
        "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202003/msg00006.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0631-1 vom 2020-03-10",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200631-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0632-1 vom 2020-03-10",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200632-1.html"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2020-018 vom 2020-03-29",
        "url": "https://downloads.avaya.com/css/P8/documents/101065046"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1521 vom 2020-04-21",
        "url": "https://access.redhat.com/errata/RHSA-2020:1521"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4673 vom 2020-05-04",
        "url": "https://www.debian.org/security/2020/dsa-4673"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4680 vom 2020-05-07",
        "url": "https://security-tracker.debian.org/tracker/DSA-4680-1"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2020-029 vom 2020-05-25",
        "url": "https://downloads.avaya.com/css/P8/documents/101066935"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA 2209 vom 2020-05-29",
        "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202005/msg00026.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:1498-1 vom 2020-06-16",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201498-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:1497-1 vom 2020-06-16",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201497-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:1030 vom 2021-03-30",
        "url": "https://access.redhat.com/errata/RHSA-2021:1030"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3303 vom 2020-08-04",
        "url": "https://access.redhat.com/errata/RHSA-2020:3303"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3305 vom 2020-08-04",
        "url": "https://access.redhat.com/errata/RHSA-2020:3305"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4448-1 vom 2020-08-04",
        "url": "https://usn.ubuntu.com/4448-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2611-1 vom 2020-09-11",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007410.html"
      },
      {
        "category": "external",
        "summary": "Hewlett Packard Enterprise Support Center",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04015en_us"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:5020 vom 2020-11-10",
        "url": "https://access.redhat.com/errata/RHSA-2020:5020"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5020 vom 2020-11-12",
        "url": "https://linux.oracle.com/errata/ELSA-2020-5020.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2020:5020 vom 2020-11-18",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-5020-Low-CentOS-7-tomcat-Security-Update-tp4646031.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0882 vom 2021-03-16",
        "url": "https://access.redhat.com/errata/RHSA-2021:0882"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3140 vom 2021-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2021:3140"
      },
      {
        "category": "external",
        "summary": "Dell NetWorker Security Update",
        "url": "https://www.dell.com/support/kbdoc/de-de/000189694/dsa-2021-125-dell-emc-networker-security-update-for-multiple-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Tomcat: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-27T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:23.084+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2130",
      "initial_release_date": "2020-02-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-02-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-03-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE und Debian aufgenommen"
        },
        {
          "date": "2020-03-10T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-03-29T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2020-04-20T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-05-03T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-05-06T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-05-24T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2020-05-28T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2020-06-16T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-08-03T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-08-04T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-09-13T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-09-22T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2020-11-10T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-11T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-11-18T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2021-03-16T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-03-29T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-11T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-18T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von EMC aufgenommen"
        },
        {
          "date": "2023-08-23T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-09-27T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "23"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Apache Tomcat \u003c 7.0.100",
                "product": {
                  "name": "Apache Tomcat \u003c 7.0.100",
                  "product_id": "665641",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:7.0.100"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Apache Tomcat \u003c 8.5.51",
                "product": {
                  "name": "Apache Tomcat \u003c 8.5.51",
                  "product_id": "T015938",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:8.5.51"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Apache Tomcat \u003c 9.0.31",
                "product": {
                  "name": "Apache Tomcat \u003c 9.0.31",
                  "product_id": "T015939",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:9.0.31"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tomcat"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Experience Portal",
            "product": {
              "name": "Avaya Aura Experience Portal",
              "product_id": "T015519",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_experience_portal:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya CMS",
            "product": {
              "name": "Avaya CMS",
              "product_id": "997",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:call_management_system_server:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Session Border Controller",
            "product": {
              "name": "Avaya Session Border Controller",
              "product_id": "T015520",
              "product_identification_helper": {
                "cpe": "cpe:/h:avaya:session_border_controller:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya one-X",
            "product": {
              "name": "Avaya one-X",
              "product_id": "1024",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:one-x:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC NetWorker",
            "product": {
              "name": "EMC NetWorker",
              "product_id": "3479",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:networker:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE HP-UX",
            "product": {
              "name": "HPE HP-UX",
              "product_id": "4871",
              "product_identification_helper": {
                "cpe": "cpe:/o:hp:hp-ux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-17569",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Tomcat. Wenn Tomcat hinter einem Reverse-Proxy steht, der einen ung\u00fcltigen Transfer-Encoding-Header auf eine bestimmte Art und Weise falsch behandelt, besteht die M\u00f6glichkeit des HTTP-Request-Smuggling Angriffs. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T015519",
          "67646",
          "T015516",
          "4871",
          "T004914",
          "T015520",
          "3479",
          "2951",
          "T002207",
          "1024",
          "T000126",
          "997",
          "398363",
          "1727"
        ]
      },
      "release_date": "2020-02-25T23:00:00.000+00:00",
      "title": "CVE-2019-17569"
    },
    {
      "cve": "CVE-2020-1935",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Tomcat. Durch eine unsachgem\u00e4\u00dfe Behandlung von HTTP-Headern im Zeilenende-Parsing, werden unter bestimmten Umst\u00e4nden ung\u00fcltige HTTP-Header als g\u00fcltig erkannt. Wenn Tomcat hinter einem Reverse-Proxy steht, besteht die M\u00f6glichkeit des HTTP-Request-Smuggling Angriffs. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T015519",
          "67646",
          "T015516",
          "4871",
          "T004914",
          "T015520",
          "3479",
          "2951",
          "T002207",
          "1024",
          "T000126",
          "997",
          "398363",
          "1727"
        ]
      },
      "release_date": "2020-02-25T23:00:00.000+00:00",
      "title": "CVE-2020-1935"
    }
  ]
}

CVE-2019-17569 (GCVE-0-2019-17569)

Vulnerability from cvelistv5 – Published: 2020-02-24 21:04 – Updated: 2024-08-05 01:40

Summary

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Severity ?

No CVSS data available.

CWE

HTTP Request Smuggling

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread.html/r88def002c5c…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.apache.org/thread.html/rc31cbabb46c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r7bc994c965a…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4673	vendor-advisoryx_refsource_DEBIAN
	https://www.debian.org/security/2020/dsa-4680	vendor-advisoryx_refsource_DEBIAN
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020032…	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache	Apache Tomcat	Affected: Apache Tomcat 9.0.28 to 9.0.30 Affected: 8.5.48 to 8.5.50 Affected: 7.0.98 to 7.0.99

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2019-17569 HTTP Request Smuggling",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
          },
          {
            "name": "openSUSE-SU-2020:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "DSA-4673",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4673"
          },
          {
            "name": "DSA-4680",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4680"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 9.0.28 to 9.0.30"
            },
            {
              "status": "affected",
              "version": "8.5.48 to 8.5.50"
            },
            {
              "status": "affected",
              "version": "7.0.98 to 7.0.99"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP Request Smuggling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:01.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2019-17569 HTTP Request Smuggling",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
        },
        {
          "name": "openSUSE-SU-2020:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "DSA-4673",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4673"
        },
        {
          "name": "DSA-4680",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4680"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-17569",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 9.0.28 to 9.0.30"
                          },
                          {
                            "version_value": "8.5.48 to 8.5.50"
                          },
                          {
                            "version_value": "7.0.98 to 7.0.99"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP Request Smuggling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2019-17569 HTTP Request Smuggling",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2020:0345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "DSA-4673",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4673"
            },
            {
              "name": "DSA-4680",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4680"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200327-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-17569",
    "datePublished": "2020-02-24T21:04:40.000Z",
    "dateReserved": "2019-10-14T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:40:15.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1935 (GCVE-0-2020-1935)

Vulnerability from cvelistv5 – Published: 2020-02-24 21:11 – Updated: 2024-08-04 06:53

Summary

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Severity ?

No CVSS data available.

CWE

HTTP Request Smuggling

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread.html/r127f76181ac…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.apache.org/thread.html/rc31cbabb46c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r7bc994c965a…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4673	vendor-advisoryx_refsource_DEBIAN
	https://www.debian.org/security/2020/dsa-4680	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020032…	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/r441c1f30a25…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r660cd379afe…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd547be0c9d8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ra5dee390ad2…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r80e9c8417c7…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4448-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2021.html	x_refsource_MISC
	https://lists.apache.org/thread.html/r9ce7918faf3…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache	Apache Tomcat	Affected: Apache Tomcat 9.0.0.M1 to 9.0.30 Affected: 8.5.0 to 8.5.50 Affected: 7.0.0 to 7.0.99

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:53:59.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1935 HTTP Request Smuggling",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
          },
          {
            "name": "openSUSE-SU-2020:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "DSA-4673",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4673"
          },
          {
            "name": "DSA-4680",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4680"
          },
          {
            "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
          },
          {
            "name": "[tomcat-users] 20200724 CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200724 Re: CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200724 RE: CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200726 Re: CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200727 RE: CVE-2020-1935",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "USN-4448-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4448-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[tomcat-dev] 20210428 [Bug 65272] Problems proccessing HTTP request without CR in last versions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 9.0.0.M1 to 9.0.30"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.50"
            },
            {
              "status": "affected",
              "version": "7.0.0 to 7.0.99"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP Request Smuggling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T16:06:15.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1935 HTTP Request Smuggling",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
        },
        {
          "name": "openSUSE-SU-2020:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "DSA-4673",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4673"
        },
        {
          "name": "DSA-4680",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4680"
        },
        {
          "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
        },
        {
          "name": "[tomcat-users] 20200724 CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200724 Re: CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200724 RE: CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200726 Re: CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200727 RE: CVE-2020-1935",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "USN-4448-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4448-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[tomcat-dev] 20210428 [Bug 65272] Problems proccessing HTTP request without CR in last versions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.30"
                          },
                          {
                            "version_value": "8.5.0 to 8.5.50"
                          },
                          {
                            "version_value": "7.0.0 to 7.0.99"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP Request Smuggling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tomcat-announce] 20200224 [SECURITY] CVE-2020-1935 HTTP Request Smuggling",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2020:0345",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 \u0026 CVE-2019-17569 vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "DSA-4673",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4673"
            },
            {
              "name": "DSA-4680",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4680"
            },
            {
              "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200327-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200327-0005/"
            },
            {
              "name": "[tomcat-users] 20200724 CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200724 Re: CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200724 RE: CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200726 Re: CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200727 RE: CVE-2020-1935",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "USN-4448-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4448-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[tomcat-dev] 20210428 [Bug 65272] Problems proccessing HTTP request without CR in last versions",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-1935",
    "datePublished": "2020-02-24T21:11:38.000Z",
    "dateReserved": "2019-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T06:53:59.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-2130

CVE-2019-17569 (GCVE-0-2019-17569)

CVE-2020-1935 (GCVE-0-2020-1935)

Tags

Sightings

Nomenclature