mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-25 00:14:09 +02:00
0xMarcio
1.6 KiB
1.6 KiB
CVE-2020-1935
Description
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
POC
Reference
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Github
- https://github.com/TechnicalSR/Task-3-Perform-a-Basic-Vulnerability-Scan-on-Your-PC
- https://github.com/dusbot/cpe2cve
- https://github.com/m3n0sd0n4ld/uCVE
- https://github.com/mklmfane/betvictor
- https://github.com/mo-xiaoxi/HDiff
- https://github.com/raner/projo
- https://github.com/versio-io/product-lifecycle-security-api
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough