CVE-2022-42252

01.11.2022, 09:15

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

HTTP Request/Response Smuggling

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	8.5.0 ≤ 𝑥 < 8.5.83
apache	tomcat	9.0.0 ≤ 𝑥 < 9.0.68
apache	tomcat	10.0.0 ≤ 𝑥 < 10.0.27
apache	tomcat	10.1.0 ≤ 𝑥 < 10.1.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat9

bookworm	9.0.70-2 fixed
bullseye	9.0.43-2~deb11u10 fixed
bullseye (security)	9.0.43-2~deb11u10 fixed
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat6

bionic	dne
focal	dne
jammy	dne
kinetic	dne
trusty	needs-triage
xenial	needs-triage

tomcat7

bionic	needs-triage
focal	dne
jammy	dne
kinetic	dne
trusty	needs-triage
xenial	needs-triage

tomcat8

bionic	Fixed 8.5.39-1ubuntu1~18.04.3+esm1 released
focal	dne
jammy	dne
kinetic	dne
trusty	dne
xenial	not-affected

tomcat9

bionic	Fixed 9.0.16-3ubuntu0.18.04.2+esm1 released
focal	Fixed 9.0.31-1ubuntu0.5 released
jammy	Fixed 9.0.58-1ubuntu0.1+esm1 released
kinetic	ignored
lunar	ignored
mantic	not-affected
noble	not-affected
trusty	dne
xenial	dne

openSUSE / SLES Releases

openSUSE Product

Release

tomcat

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise sap 15	9.0.36-150000.3.101.2 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise sap 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP7	9.0.43-150200.26.3 fixed
suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15	9.0.36-150000.3.101.2 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise server 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP7	9.0.43-150200.26.3 fixed

tomcat-admin-webapps

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise sap 15	9.0.36-150000.3.101.2 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise sap 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP7	9.0.43-150200.26.3 fixed
suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15	9.0.36-150000.3.101.2 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise server 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP7	9.0.43-150200.26.3 fixed

tomcat-docs-webapp

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed

tomcat-el-3_0-api

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise sap 15	9.0.36-150000.3.101.2 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise sap 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP7	9.0.43-150200.26.3 fixed
suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15	9.0.36-150000.3.101.2 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise server 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP7	9.0.43-150200.26.3 fixed

tomcat-javadoc

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed

tomcat-jsp-2_3-api

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise sap 15	9.0.36-150000.3.101.2 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise sap 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP7	9.0.43-150200.26.3 fixed
suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15	9.0.36-150000.3.101.2 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise server 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP7	9.0.43-150200.26.3 fixed

tomcat-lib

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise sap 15	9.0.36-150000.3.101.2 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise sap 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP7	9.0.43-150200.26.3 fixed
suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15	9.0.36-150000.3.101.2 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise server 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP7	9.0.43-150200.26.3 fixed

tomcat-servlet-3_1-api

suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed

tomcat-servlet-4_0-api

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise sap 15	9.0.36-150000.3.101.2 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise sap 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP7	9.0.43-150200.26.3 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15	9.0.36-150000.3.101.2 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise server 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP7	9.0.43-150200.26.3 fixed

tomcat-webapps

suse enterprise sap 12 SP4	9.0.36-3.93.1 fixed
suse enterprise sap 12 SP5	9.0.36-3.93.1 fixed
suse enterprise sap 15	9.0.36-150000.3.101.2 fixed
suse enterprise sap 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise sap 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise sap 15 SP7	9.0.43-150200.26.3 fixed
suse enterprise server 12 SP2	8.0.53-29.57.1 fixed
suse enterprise server 12 SP3	8.0.53-29.57.1 fixed
suse enterprise server 12 SP4	9.0.36-3.93.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15	9.0.36-150000.3.101.2 fixed
suse enterprise server 15 SP1	9.0.36-150100.4.81.1 fixed
suse enterprise server 15 SP2	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP3	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP4	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP5	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP6	9.0.43-150200.26.3 fixed
suse enterprise server 15 SP7	9.0.43-150200.26.3 fixed

Common Weakness Enumeration

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References

https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq

https://security.gentoo.org/glsa/202305-37

https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq

https://security.gentoo.org/glsa/202305-37