On 14/12/2023 15:33, Benny Prange wrote:
Hi all,
I am having trouble understanding the description of CVE-2023-46589.
Does this CVE affect scenarios where the Apache Tomcat is the reverse
proxy, or or when the Apache Tomcat is running behind a reverse proxy?
Is the Tomcat vulnerable to request smuggling, or other applications
running behind the Tomcat?
Tomcat does not provide reverse proxy configuration.
This CVE applies when Tomcat is behind a reverse proxy.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
