CVE-2020-1935

Published: Feb 24, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Vendor: Apache

Product: Apache Tomcat

Versions:
affected: Apache Tomcat 9.0.0.M1 to 9.0.30
affected: 8.5.0 to 8.5.50
affected: 7.0.0 to 7.0.99

References

openSUSE-SU-2020:0345 (vendor-advisory, x_refsource_SUSE)
DSA-4673 (vendor-advisory, x_refsource_DEBIAN)
DSA-4680 (vendor-advisory, x_refsource_DEBIAN)
[tomcat-users] 20200724 CVE-2020-1935 (mailing-list, x_refsource_MLIST)
[tomcat-users] 20200724 Re: CVE-2020-1935 (mailing-list, x_refsource_MLIST)
[tomcat-users] 20200724 RE: CVE-2020-1935 (mailing-list, x_refsource_MLIST)
[tomcat-users] 20200726 Re: CVE-2020-1935 (mailing-list, x_refsource_MLIST)
[tomcat-users] 20200727 RE: CVE-2020-1935 (mailing-list, x_refsource_MLIST)
USN-4448-1 (vendor-advisory, x_refsource_UBUNTU)
