PT-2023-6329 · Apache+9 · Apache Tomcat+9

Jianjun Chen +1 · Published 2023-10-10 · Updated 2026-02-11 · CVE-2023-45648

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.0-M1 through 11.0.0-M11
Apache Tomcat versions 10.1.0-M1 through 10.1.13
Apache Tomcat versions 9.0.0-M1 through 9.0.81
Apache Tomcat versions 8.5.0 through 8.5.93

Description

The issue is related to improper input validation in Apache Tomcat, where the server does not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

Recommendations

Upgrade to version 11.0.0-M12 onwards
Upgrade to version 10.1.14 onwards
Upgrade to version 9.0.81 onwards
Upgrade to version 8.5.94 onwards


Weakness Enumeration

Related Identifiers

ALSA-2024:0125
ALSA-2024:0474
ALT-PU-2023-8058
ALT-PU-2024-4687
ALT-PU-2024-4975
ALT-PU-2025-2379
ALT-PU-2025-9146
BDU:2023-07041
BIT-TOMCAT-2023-45648
CESA-2024_0125
CVE-2023-45648
DLA-3617-1
DSA-5521-1
DSA-5522-1
GHSA-R6J3-PX5G-CQ3X
MGASA-2023-0319
OESA-2023-1788
OPENSUSE-SU-2024:13382-1
OPENSUSE-SU-2024_0472-1
RHSA-2023:6206
RHSA-2024:0125
RHSA-2024:0474
RHSA-2024_0125
RHSA-2024_0474
ROSA-SA-2024-2418
SUSE-SU-2023:4337-1
SUSE-SU-2023:4423-1
SUSE-SU-2024:0472-1
USN-7106-1
USN-7562-1

Affected Products

ALT Linux
AlmaLinux
Apache Tomcat
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu