apache tomcat CVE-2020-1935 vulnerability in Apache and Other Products
Published on February 24, 2020

product logo product logo product logo product logo product logo product logo
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2020-1935

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-1935 are published in these products:

Apache Tomcat
 
NetApp Data Availability Services
 
Oracle Agile Plm
 
Oracle Hospitality Guest Access
 
Oracle Mysql Enterprise Monitor
 
Oracle Siebel Ui Framework
 
Oracle Transportation Management
 
Canonical Ubuntu Linux
 
Debian Linux
 
OpenSuse Leap
 
Oracle Communications Element Manager
 
Oracle Communications Instant Messaging Server
 
Oracle Health Sciences Empirica Signal
 
Oracle Instantis Enterprisetrack
 
Oracle Workload Manager
 
Oracle Agile Engineering Data Management
 
NetApp Oncommand System Manager
 
Oracle Agile Product Lifecycle Management
 
Oracle Health Sciences Empirica Inspections
 
Oracle Hyperion Infrastructure Technology
 
Oracle Retail Order Broker
 
Oracle
 

Affected Versions

Apache Tomcat:

Exploit Probability

EPSS
1.01%
Percentile
76.75%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.