[ https://issues.apache.org/jira/browse/TOMEE-4256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Zowalla resolved TOMEE-4256.
------------------------------------
Resolution: Fixed
> Port fix for CVE-2023-45648
> ---------------------------
>
> Key: TOMEE-4256
> URL: https://issues.apache.org/jira/browse/TOMEE-4256
> Project: TomEE
> Issue Type: Dependency upgrade
> Affects Versions: 9.1.0
> Reporter: Richard Zowalla
> Assignee: Richard Zowalla
> Priority: Major
> Fix For: 9.1.1
>
>
> Important: Request smuggling CVE-2023-45648
> Tomcat did not correctly parse HTTP trailer headers. A specially crafted,
> invalid trailer header could cause Tomcat to treat a single request as
> multiple requests leading to the possibility of request smuggling when behind
> a reverse proxy.
> This was fixed with commit 8ecff306.
> This issue was reported to the Tomcat Security Team on 12 September 2023. The
> issue was made public on 10 October 2023.
> Affects: 10.1.0-M1 to 10.1.13