CVE-2020-1935 HTTP Request Smuggling
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.30
Apache Tomcat 8.5.0 to 8.5.50
Apache Tomcat 7.0.0 to 7.0.99
Description:
The HTTP header parsing code used an approach to end-of-line parsing
that allowe
CVE-2019-17569 HTTP Request Smuggling
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.28 to 9.0.30
Apache Tomcat 8.5.48 to 8.5.50
Apache Tomcat 7.0.98 to 7.0.99
Description:
The refactoring in 9.0.28, 8.5.48 and 7.0.98 introduced a regression.
The resul
CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.30
Apache Tomcat 8.5.0 to 8.5.50
Apache Tomcat 7.0.0 to 7.0.99
Description:
When using the Apache JServ Protocol (AJP),
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M1.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specificat