Search for packages
| purl | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@7.0.98 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-rq42-qvsy-hue6
Aliases: CVE-2019-17569 GHSA-767j-jfh2-jvrc |
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. |
Affected by 5 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 18 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T12:36:28.435336+00:00 | GitLab Importer | Affected by | VCID-rq42-qvsy-hue6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2019-17569.yml | 38.0.0 |
| 2026-04-01T15:57:58.969703+00:00 | GHSA Importer | Affected by | VCID-rq42-qvsy-hue6 | https://github.com/advisories/GHSA-767j-jfh2-jvrc | 38.0.0 |