apache tomcat CVE-2021-33037 vulnerability in Apache and Other Products
Published on July 12, 2021

product logo product logo product logo product logo product logo product logo
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.

Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a HTTP Request Smuggling Vulnerability?

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

CVE-2021-33037 has been classified to as a HTTP Request Smuggling vulnerability or weakness.


Products Associated with CVE-2021-33037

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-33037 are published in these products:

Apache Tomcat
 
Apache Tomee
 
Debian Linux
 
Oracle Communications Diameter Signaling Router
 
Oracle Communications Policy Management
 
Oracle Communications Pricing Design Center
 
Oracle Communications Session Report Manager
 
Oracle Communications Session Route Manager
 
Oracle Instantis Enterprisetrack
 
Oracle Mysql Enterprise Monitor
 
Oracle Secure Global Desktop
 
McAfee Epolicy Orchestrator
 
Oracle Agile Plm
 
Oracle Communications Cloud Native Core Policy
 
Oracle Communications Cloud Native Core Service Communication Proxy
 
Oracle Communications Instant Messaging Server
 
Oracle Graph Server And Client
 
Oracle Hospitality Cruise Shipboard Property Management System
 
Oracle Sd Wan Edge
 
Oracle Utilities Testing Accelerator
 
Canonical Ubuntu Linux
 
Oracle Managed File Transfer
 
Oracle Healthcare Translational Research
 
Oracle
 

Affected Versions

Apache Software Foundation Apache Tomcat:

Exploit Probability

EPSS
1.87%
Percentile
82.69%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.