CVE-2021-33037

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in maven/org.apache.tomee/tomee-webapp

Identifiers

CVE-2021-33037

Package Slug

maven/org.apache.tomee/tomee-webapp

Vulnerability

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

Description

Apache Tomcat does not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.

Affected Versions

Version 8.0.6

Solution

Upgrade to version 8.0.7 or above.

Last Modified

2021-09-22

source