Vulnerability Database

CVE-2021-33037

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. Specifically:

  • Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response;
  • Tomcat honoured the identity encoding; and
  • Tomcat did not ensure that, if present, the chunked encoding was the final encoding.

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

| Software | From | Fixed in |
| --- | --- | --- |
| apache / tomcat | 9.0.0.x | 9.0.46.x |
| apache / tomcat | 10.0.0.x | 10.0.6.x |
| apache / tomcat | 8.5.0 | 8.5.66.x |
| apache / tomee | 8.0.6 | 8.0.6.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| oracle / managed_file_transfer | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / instantis_enterprisetrack | 17.1 | 17.1.x |
| oracle / instantis_enterprisetrack | 17.2 | 17.2.x |
| oracle / instantis_enterprisetrack | 17.3 | 17.3.x |
| oracle / agile_plm | 9.3.6 | 9.3.6.x |
| oracle / communications_policy_management | 12.5.0 | 12.5.0.x |
| oracle / sd-wan_edge | 9.0 | 9.0.x |
| oracle / managed_file_transfer | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / secure_global_desktop | 5.6 | 5.6.x |
| oracle / hospitality_cruise_shipboard_property_management_system | 20.1.0 | 20.1.0.x |
| oracle / communications_pricing_design_center | 12.0.0.3.0 | 12.0.0.3.0.x |
| oracle / communications_session_route_manager | 8.0.0 | 8.2.4.x |
| oracle / mysql_enterprise_monitor | - | 8.0.25.x |
| oracle / communications_session_report_manager | 8.0.0 | 8.2.4.0.x |
| oracle / sd-wan_edge | 9.1 | 9.1.x |
| oracle / utilities_testing_accelerator | 6.0.0.2.2 | 6.0.0.2.2.x |
| oracle / utilities_testing_accelerator | 6.0.0.3.1 | 6.0.0.3.1.x |
| oracle / utilities_testing_accelerator | 6.0.0.1.1 | 6.0.0.1.1.x |
| oracle / communications_diameter_signaling_router | 8.0.0.0 | 8.5.0.2.x |
| oracle / communications_cloud_native_core_policy | 1.14.0 | 1.14.0.x |
| oracle / communications_cloud_native_core_service_communication_proxy | 1.14.0 | 1.14.0.x |
| oracle / communications_instant_messaging_server | 10.0.1.5.0 | 10.0.1.5.0.x |
| oracle / graph_server_and_client | - | 21.4 |
| oracle / healthcare_translational_research | 4.1.0 | 4.1.0.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_1 | 5.10.0-update_1.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_2 | 5.10.0-update_2.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_3 | 5.10.0-update_3.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_4 | 5.10.0-update_4.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_5 | 5.10.0-update_5.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_6 | 5.10.0-update_6.x |
| mcafee / epolicy_orchestrator | 5.10.0 | 5.10.0.x |
| mcafee / epolicy_orchestrator | - | 5.10.0 |
| mcafee / epolicy_orchestrator | 5.10.0-update_7 | 5.10.0-update_7.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_8 | 5.10.0-update_8.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_9 | 5.10.0-update_9.x |
| mcafee / epolicy_orchestrator | 5.10.0-update_10 | 5.10.0-update_10.x |
| org.apache.tomcat / tomcat | 10.0.0-M1 | 10.0.7 |
| org.apache.tomcat / tomcat | 9.0.0-M1 | 9.0.48 |
| org.apache.tomcat / tomcat | 8.5.0 | 8.5.68 |