Attacker Value
Unknown
CVE-2019-17569
CVE-2019-17569
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
4.8 Medium
Impact Score:
2.5
Exploitability Score:
2.2
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None
General Information
Vendors
- apache,
- debian,
- netapp,
- opensuse,
- oracle
Products
- agile engineering data management 6.2.1.0,
- agile plm 9.3.3,
- agile plm 9.3.5,
- agile plm 9.3.6,
- communications instant messaging server 10.0.1.4.0,
- data availability services -,
- debian linux 10.0,
- debian linux 9.0,
- health sciences empirica inspections 1.0.1.2,
- health sciences empirica signal 7.3.3,
- hospitality guest access 4.2.0,
- hospitality guest access 4.2.1,
- instantis enterprisetrack,
- leap 15.1,
- mysql enterprise monitor,
- oncommand system manager,
- tomcat,
- tomee 7.0.7,
- transportation management 6.3.7,
- workload manager 12.2.0.1,
- workload manager 18c,
- workload manager 19c
References
Advisory
