  1. TomEE
  2. TOMEE-4256

Port fix for CVE-2023-45648


Details

    • Type: Dependency upgrade
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 9.1.0
    • Fix Version/s: 9.1.1
    • Component/s: None
    • Labels: None

    Description

      Important: Request smuggling CVE-2023-45648

      Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

      This was fixed with commit 8ecff306.

      This issue was reported to the Tomcat Security Team on 12 September 2023. The issue was made public on 10 October 2023.

      Affects: 10.1.0-M1 to 10.1.13
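
A check a deployment could run against the affected range quoted above, as an added example (not code from the TomEE or Tomcat projects): it parses Tomcat artifact versions, including milestone builds, and flags those inside 10.1.0-M1 to 10.1.13. The jar names are constructed samples, and the Maven-style `name-version.jar` naming is an assumption about how the jars are laid out.

```python
import re

# Affected Tomcat range as stated on this page: 10.1.0-M1 to 10.1.13, inclusive.
AFFECTED_LOW, AFFECTED_HIGH = "10.1.0-M1", "10.1.13"

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
# Assumed Maven-style artifact naming, e.g. tomcat-coyote-10.1.13.jar
_JAR = re.compile(r"^(tomcat-[a-z0-9-]+?)-(\d+\.\d+\.\d+(?:-M\d+)?)\.jar$")


def version_key(version):
    """Sortable key for a Tomcat version; milestones (-Mn) sort before the release."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    # A final release gets (1, 0) so it orders after every (0, n) milestone.
    qualifier = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + qualifier


def is_affected(version):
    """True when the version lies inside the range quoted on this page."""
    return version_key(AFFECTED_LOW) <= version_key(version) <= version_key(AFFECTED_HIGH)


def audit_jars(jar_names):
    """Map each jar name to 'affected', 'not-in-range' or 'unknown'."""
    report = {}
    for name in jar_names:
        m = _JAR.match(name)
        if not m:
            report[name] = "unknown"  # unversioned or non-Tomcat jar: check by hand
        else:
            report[name] = "affected" if is_affected(m.group(2)) else "not-in-range"
    return report


# Constructed sample listing, not taken from a real installation.
SAMPLE_JARS = ["tomcat-coyote-10.1.13.jar", "tomcat-embed-core-10.1.14.jar",
               "tomcat-catalina-10.1.0-M1.jar", "tomcat-util-10.0.27.jar",
               "catalina.jar"]

if __name__ == "__main__":
    for jar, verdict in audit_jars(SAMPLE_JARS).items():
        print(f"{verdict:13} {jar}")
```

"not-in-range" only means the version is outside the range listed on this page; it says nothing about other Tomcat branches.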

          People

            rzo1 Richard Zowalla
            rzo1 Richard Zowalla