Search for packages
| purl | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.28 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-pb38-eqgs-4ug7
Aliases: CVE-2019-17569 GHSA-767j-jfh2-jvrc |
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. |
Affected by 19 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T11:14:38.183907+00:00 | GitLab Importer | Affected by | VCID-pb38-eqgs-4ug7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2019-17569.yml | 37.0.0 |
| 2025-07-31T12:29:03.645574+00:00 | GHSA Importer | Affected by | VCID-pb38-eqgs-4ug7 | https://github.com/advisories/GHSA-767j-jfh2-jvrc | 37.0.0 |