PT-2020-4108 · Apache · Apache Tomcat

Published: 2020-02-11 · Updated: 2024-06-15 · CVE-2019-17569
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Apache Tomcat versions 7.0.98 through 7.0.99
Apache Tomcat versions 8.5.48 through 8.5.50
Apache Tomcat versions 9.0.28 through 9.0.30
Description: The issue stems from incorrect processing of invalid Transfer-Encoding headers, which can lead to HTTP request smuggling when Apache Tomcat sits behind a reverse proxy that also mishandles the invalid header. This can allow a remote attacker to affect the confidentiality and integrity of protected information. The vulnerability is caused by inconsistent interpretation and handling of the same HTTP request by the proxy and by Tomcat.
Recommendations: For Apache Tomcat versions 7.0.98 through 7.0.99, 8.5.48 through 8.5.50, and 9.0.28 through 9.0.30, update to a version that includes the fix for this issue. As a temporary workaround, restrict access to the server when it is located behind a reverse proxy to minimize the risk of exploitation.

Weakness Enumeration: HTTP Request/Response Smuggling

Related Identifiers

BDU:2020-04511
BDU:2021-01013
CVE-2019-17569
DLA-2133-1
DSA-4673-1
DSA-4680-1
GHSA-767J-JFH2-JVRC
MGASA-2020-0138
OPENSUSE-SU-2020:0345-1
OPENSUSE-SU-2020_0345-1
OPENSUSE-SU-2024:11468-1
OPENSUSE-SU-2024:13441-1
RHSA-2020:1520
SUSE-SU-2020:0598-1
SUSE-SU-2020:0631-1
SUSE-SU-2020:0632-1
SUSE-SU-2020:1497-1
SUSE-SU-2020:1498-1
SUSE-SU-2020_1497-1
SUSE-SU-2020_1498-1

Affected Products

Apache Tomcat
Suse