what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2021-33037

Status Candidate

Overview

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.

Related Files

Gentoo Linux Security Advisory 202208-34
Posted Aug 22, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-34 - Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Versions less than 8.5.82:8.5 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-25122, CVE-2021-25329, CVE-2021-30639, CVE-2021-30640, CVE-2021-33037, CVE-2021-42340, CVE-2022-34305
SHA-256 | 077be2b54802b552aa2444c9d86f7b9f2b66179442ffb4c75ef491cd837caab4
Red Hat Security Advisory 2022-1179-01
Posted Apr 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1179-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.5.10 serves as a replacement for Red Hat support for Spring Boot 2.4.9, and includes bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-20289, CVE-2021-30640, CVE-2021-33037, CVE-2021-3597, CVE-2021-3629, CVE-2021-3642, CVE-2021-3859, CVE-2021-41079, CVE-2021-42340
SHA-256 | 85b8d4f687468f2d182c49d4c89778120f0a1b9edb98b4a99798cd35870ff9fd
Red Hat Security Advisory 2021-4861-06
Posted Dec 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4861-06 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-30640, CVE-2021-33037, CVE-2021-42340
SHA-256 | 7dbd69f0e97fd21832d1b2e2ba993f10af54561063a247a7e25f83c53a04b080
Red Hat Security Advisory 2021-4863-06
Posted Dec 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4863-06 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-30640, CVE-2021-33037, CVE-2021-42340
SHA-256 | 58f5a47585e63d5de90a2072fe361e8c539c5a335cf05e959d27f16c183a5619
Debian Security Advisory 4952-1
Posted Aug 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4952-1 - Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2021-30640, CVE-2021-33037
SHA-256 | a979059d294f12b3682119262569f6b694fd38574412bff91d56a295359b1332
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close