CVEs-PoC/2020/CVE-2020-1935.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

POC

Reference

https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

Github

https://github.com/mklmfane/betvictor
https://github.com/mo-xiaoxi/HDiff
https://github.com/raner/projo
https://github.com/versio-io/product-lifecycle-security-api
https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough

1.2 KiB Raw Blame History

CVE-2020-1935

Description

POC

Reference

Github

1.2 KiB

Raw Blame History