CVE-2023-46589 : APACHE TOMCAT UP TO 8.5.95/9.0.82/10.1.15/11.0.0-M10 HTTP TRAILER HEADER REQUEST SMUGGLING

Description

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

References

https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr

http://www.openwall.com/lists/oss-security/2023/11/28/2

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-26622 : LINUX KERNEL UP TO 6.8-RC6 TOMOYO_WRITE_CONTROL USE AFTER FREE

CVE-2024-26622 : LINUX KERNEL UP TO 6.8-RC6 TOMOYO_WRITE_CONTROL USE AFTER FREE

Description In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control()

CVE-2023-52479 : LINUX KERNEL UP TO 5.15.134/6.1.56/6.5.6 KSMBD SMB20_OPLOCK_BREAK_ACK USE AFTER FREE

CVE-2023-52479 : LINUX KERNEL UP TO 5.15.134/6.1.56/6.5.6 KSMBD SMB20_OPLOCK_BREAK_ACK USE AFTER FREE

Description In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix uaf in smb20_oplock_break_ack drop reference after use

CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL

CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL

Description Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access