CVE-2023-46589
Published: Nov 28, 2023
Modified: Oct 29, 2025
Description
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Tomcat | affected 11.0.0-M1 - <= 11.0.0-M10affected 10.1.0-M1 - <= 10.1.15affected 9.0.0-M1 - <= 9.0.82affected 8.5.0 - <= 8.5.95unknown 3 - < 8.5.0+1 more versions |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now