Apache Releases Important Tomcat Update

LINK Apache Tomcat did not correctly parse the HTTP transfer-encoding requestheader in some circumstances leading to the possibility to requestsmuggling when used with a reverse proxy. Specifically: Tomcatincorrectly ignored the transfer-encoding header if the client declaredit would only accept an HTTP/1.0 response; Tomcat honoured the identifyencoding; and Tomcat did not ensure that, if present, the […]

Apache Tomcat Release

LINK Apache Tomcat released an update: Time to update CVE-2021-25122 h2c request mix-up Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0 Apache Tomcat 9.0.0.M1 to 9.0.41 Apache Tomcat 8.5.0 to 8.5.61 Description: When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount […]