CVE-2022-42252

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
HTTP Request/Response Smuggling
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
apacheCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
apachetomcat
8.5.0 ≤
𝑥
< 8.5.83
apachetomcat
9.0.0 ≤
𝑥
< 9.0.68
apachetomcat
10.0.0 ≤
𝑥
< 10.0.27
apachetomcat
10.1.0 ≤
𝑥
< 10.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tomcat9
bullseye (security)
9.0.43-2~deb11u10
fixed
bullseye
9.0.43-2~deb11u10
fixed
bookworm
9.0.70-2
fixed
sid
9.0.95-1
fixed
trixie
9.0.95-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat6
kinetic
dne
jammy
dne
focal
dne
bionic
dne
xenial
needs-triage
trusty
needs-triage
tomcat7
kinetic
dne
jammy
dne
focal
dne
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
tomcat8
kinetic
dne
jammy
dne
focal
dne
bionic
Fixed 8.5.39-1ubuntu1~18.04.3+esm1
released
xenial
not-affected
trusty
dne
tomcat9
noble
not-affected
mantic
not-affected
lunar
ignored
kinetic
ignored
jammy
Fixed 9.0.58-1ubuntu0.1+esm1
released
focal
Fixed 9.0.31-1ubuntu0.5
released
bionic
Fixed 9.0.16-3ubuntu0.18.04.2+esm1
released
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
https://security.gentoo.org/glsa/202305-37
https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
https://security.gentoo.org/glsa/202305-37