The description for this CVE is pretty vague (as perhaps necessary) but we have a customer that is trying to assess their risk for this CVE. They are behind a reverse-proxy. Even though the description on Tomcat's security page states that the risk is low it doesn't describe how would a reverse-proxy mishandle the Transfer-Encoding in order to compromise the backend Tomcat server. Any information about this exploit would be appreciated. (I did try to read the commit but it is rather large so it would require more time to unroll the fix for me than getting a direct answer)...
George
