CVE-2019-17569 vulnerability in Apache and Other Products
Published on February 24, 2020

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-17569

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-17569 are published in these products:

Apache Tomcat

Apache Tomee

OpenSuse Leap

NetApp Oncommand System Manager

NetApp Data Availability Services

Debian Linux

Oracle Transportation Management

Oracle Hospitality Guest Access

Oracle Agile Plm

Oracle Instantis Enterprisetrack

Oracle Mysql Enterprise Monitor

Oracle Health Sciences Empirica Signal

Oracle Communications Instant Messaging Server

Oracle Health Sciences Empirica Inspections

Oracle Workload Manager

Oracle Agile Engineering Data Management

Affected Versions

Apache Tomcat:

Version Apache Tomcat 9.0.28 to 9.0.30 is affected.
Version 8.5.48 to 8.5.50 is affected.
Version 7.0.98 to 7.0.99 is affected.

Exploit Probability

EPSS

6.06%

Percentile

90.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-17569 vulnerability in Apache and Other ProductsPublished on February 24, 2020

Products Associated with CVE-2019-17569

Affected Versions

Exploit Probability

CVE-2019-17569 vulnerability in Apache and Other Products
Published on February 24, 2020