Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Tomcat Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability - CVE-2022-42252 - Vulnerability Database
Apache Tomcat

Apache Tomcat Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability - CVE-2022-42252

High
Reference: CVE-2022-42252
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-42252
Title: Apache Tomcat Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
Overview:

If Apache Tomcat 8.5.0 to 8.5.82 9.0.0-M1 to 9.0.67 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only) Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.