CVE-2021-33037

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in maven/org.apache.tomcat/tomcat-coyote

Identifier

CVE-2021-33037

Package Slug

maven/org.apache.tomcat/tomcat-coyote

Vulnerability

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

Description

Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.

Affected Versions

All versions starting from 8.5.0 up to 8.5.66, all versions after 9.0.0 up to 9.0.46, all versions after 10.0.0 up to 10.0.6

Solution

Upgrade to versions 8.5.68, 9.0.48, 10.0.7 or above.

Last Modified

2021-07-16

source