Apache Tomcat may reject request containing invalid Content-Length header

GHSA-p22x-g9px-3945 · BIT-tomcat-2022-42252 · CVE-2022-42252

Published Nov 1, 2022 · Modified Apr 23, 2024

Description

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

References

7.5 / 10

HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Packages

Maven/org.apache.tomcat.embed:tomcat-embed-core

Fix 10.0.27, 10.1.1, 8.5.83, 9.0.68

Introduced 10.0.0-M1, 10.1.0-M1, 8.5.0, 9.0.0-M1

182 affected versions

10.0.010.0.0-M110.0.0-M1010.0.0-M310.0.0-M410.0.0-M510.0.0-M610.0.0-M710.0.0-M810.0.0-M910.0.1010.0.1110.0.1210.0.1310.0.1410.0.1610.0.1710.0.1810.0.210.0.20 +162 more

Maven/org.apache.tomcat:tomcat-coyote

Fix 10.0.27, 10.1.1, 9.0.68

Introduced 10.0.0-M1, 10.1.0-M1, 9.0.0-M1

115 affected versions

10.0.010.0.0-M110.0.0-M1010.0.0-M310.0.0-M410.0.0-M510.0.0-M610.0.0-M710.0.0-M810.0.0-M910.0.1010.0.1110.0.1210.0.1310.0.1410.0.1610.0.1710.0.1810.0.210.0.20 +95 more

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes