org.apache.tomcat:tomcat-catalina@8.5.95 vulnerabilities
-
latest version
10.1.20
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.tomcat:tomcat-catalina package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Input Validation due to the improper parsing of HTTP trailer headers. An attacker can manipulate the server into treating a single request as multiple requests by sending a trailer header that exceeds the header size limit. This could lead to request smuggling when the server is behind a reverse proxy. How to fix Improper Input Validation? Upgrade |
[8.5.0,8.5.96)
[9.0.0-M1,9.0.83)
[10.1.0-M1,10.1.16)
[11.0.0-M1,11.0.0-M10)
|