CVE-2020-1935
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
Severity Score
4.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
En Apache Tomcat versiones 9.0.0.M1 hasta 9.0.30, versiones 8.5.0 hasta 8.5.50 y versiones 7.0.0 hasta 7.0.99, el código de análisis del encabezado HTTP utilizó un enfoque para el análisis de fin de línea que permitió a algunos encabezados HTTP no válidos ser analizados como válidos. Esto conllevó a una posibilidad de Tráfico No Autorizado de Peticiones HTTP si Tomcat se encontraba detrás de un proxy inverso que manejaba incorrectamente el encabezado Transfer-Encoding no válido en una manera particular. Tal proxy inverso es considerado improbable.
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability.
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-02 CVE Reserved
- 2020-02-24 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
References (21)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 7.0.0 <= 7.0.99 Search vendor "Apache" for product "Tomcat" and version " >= 7.0.0 <= 7.0.99" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 8.5.0 <= 8.5.50 Search vendor "Apache" for product "Tomcat" and version " >= 8.5.0 <= 8.5.50" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 9.0.0 <= 9.0.30 Search vendor "Apache" for product "Tomcat" and version " >= 9.0.0 <= 9.0.30" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone10 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone11 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone12 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone13 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone14 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone15 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone16 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone17 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone18 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone19 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone20 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone21 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone22 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone23 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone24 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone25 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone26 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone27 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone3 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone4 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone5 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone6 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone7 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone8 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone9 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Availability Services Search vendor "Netapp" for product "Data Availability Services" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand System Manager Search vendor "Netapp" for product "Oncommand System Manager" | >= 3.0.0 <= 3.1.3 Search vendor "Netapp" for product "Oncommand System Manager" and version " >= 3.0.0 <= 3.1.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Agile Engineering Data Management Search vendor "Oracle" for product "Agile Engineering Data Management" | 6.2.1.0 Search vendor "Oracle" for product "Agile Engineering Data Management" and version "6.2.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Agile Product Lifecycle Management Search vendor "Oracle" for product "Agile Product Lifecycle Management" | 9.3.3 Search vendor "Oracle" for product "Agile Product Lifecycle Management" and version "9.3.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Agile Product Lifecycle Management Search vendor "Oracle" for product "Agile Product Lifecycle Management" | 9.3.5 Search vendor "Oracle" for product "Agile Product Lifecycle Management" and version "9.3.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Agile Product Lifecycle Management Search vendor "Oracle" for product "Agile Product Lifecycle Management" | 9.3.6 Search vendor "Oracle" for product "Agile Product Lifecycle Management" and version "9.3.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager" | 8.1.1 Search vendor "Oracle" for product "Communications Element Manager" and version "8.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager" | 8.2.0 Search vendor "Oracle" for product "Communications Element Manager" and version "8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager" | 8.2.1 Search vendor "Oracle" for product "Communications Element Manager" and version "8.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Instant Messaging Server Search vendor "Oracle" for product "Communications Instant Messaging Server" | 10.0.1.4.0 Search vendor "Oracle" for product "Communications Instant Messaging Server" and version "10.0.1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Health Sciences Empirica Inspections Search vendor "Oracle" for product "Health Sciences Empirica Inspections" | 1.0.1.2 Search vendor "Oracle" for product "Health Sciences Empirica Inspections" and version "1.0.1.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Health Sciences Empirica Signal Search vendor "Oracle" for product "Health Sciences Empirica Signal" | 7.3.3 Search vendor "Oracle" for product "Health Sciences Empirica Signal" and version "7.3.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hospitality Guest Access Search vendor "Oracle" for product "Hospitality Guest Access" | 4.2.0 Search vendor "Oracle" for product "Hospitality Guest Access" and version "4.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hospitality Guest Access Search vendor "Oracle" for product "Hospitality Guest Access" | 4.2.1 Search vendor "Oracle" for product "Hospitality Guest Access" and version "4.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hyperion Infrastructure Technology Search vendor "Oracle" for product "Hyperion Infrastructure Technology" | 11.1.2.4 Search vendor "Oracle" for product "Hyperion Infrastructure Technology" and version "11.1.2.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack" | >= 17.1 <= 17.3 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version " >= 17.1 <= 17.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Enterprise Monitor Search vendor "Oracle" for product "Mysql Enterprise Monitor" | >= 4.0.0 <= 4.0.12 Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " >= 4.0.0 <= 4.0.12" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Enterprise Monitor Search vendor "Oracle" for product "Mysql Enterprise Monitor" | >= 8.0.0 <= 8.0.20 Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " >= 8.0.0 <= 8.0.20" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker" | 15.0 Search vendor "Oracle" for product "Retail Order Broker" and version "15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Siebel Ui Framework Search vendor "Oracle" for product "Siebel Ui Framework" | <= 20.5 Search vendor "Oracle" for product "Siebel Ui Framework" and version " <= 20.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Transportation Management Search vendor "Oracle" for product "Transportation Management" | 6.3.7 Search vendor "Oracle" for product "Transportation Management" and version "6.3.7" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Workload Manager Search vendor "Oracle" for product "Workload Manager" | 12.2.0.1 Search vendor "Oracle" for product "Workload Manager" and version "12.2.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Workload Manager Search vendor "Oracle" for product "Workload Manager" | 18c Search vendor "Oracle" for product "Workload Manager" and version "18c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Workload Manager Search vendor "Oracle" for product "Workload Manager" | 19c Search vendor "Oracle" for product "Workload Manager" and version "19c" | - |
Affected
| ||||||