VulnerableCode Package Details - pkg:apache/tomcat@8.5.48

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/tomcat@8.5.48

Essentials
History (1)

purl	pkg:apache/tomcat@8.5.48

Next non-vulnerable version	8.5.51
Latest non-vulnerable version	11.0.21
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-rq42-qvsy-hue6 Aliases: CVE-2019-17569 GHSA-767j-jfh2-jvrc	The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.	8.5.51 Affected by 0 other vulnerabilities. 9.0.31 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-rq42-qvsy-hue6
Aliases:
CVE-2019-17569
GHSA-767j-jfh2-jvrc

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

8.5.51
Affected by 0 other vulnerabilities.

9.0.31
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:38:11.132918+00:00	Apache Tomcat Importer	Affected by	VCID-rq42-qvsy-hue6	https://tomcat.apache.org/security-8.html	38.0.0