CVE-2019-17569

{"id": "CVE-2019-17569", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}]}, "published": "2020-02-24T22:15:11.903", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20200327-0005/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.debian.org/security/2020/dsa-4673", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.debian.org/security/2020/dsa-4680", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."}, {"lang": "es", "value": "La refactorizaci\u00f3n presente en Apache Tomcat versiones 9.0.28 hasta 9.0.30, versiones 8.5.48 hasta 8.5.50 y versiones 7.0.98 hasta 7.0.99, introdujo una regresi\u00f3n. El resultado de la regresi\u00f3n fue que los encabezados Transfer-Encoding no v\u00e1lidos fueron procesados incorrectamente, conllevando a una posibilidad de Tr\u00e1fico No Autorizado de Peticiones HTTP si Tomcat se encontraba detr\u00e1s de un proxy inverso que manejaba incorrectamente el encabezado Transfer-Encoding no v\u00e1lido de una manera particular. Tal proxy inverso es considerado improbable."}], "lastModified": "2023-11-07T03:06:20.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3485F0-C7F0-4468-85FD-9C4A12FD3DEA", "versionEndIncluding": "7.0.99", "versionStartIncluding": "7.0.98"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCD8AFD6-3763-4D03-AC4F-66C7B649D7B5", "versionEndIncluding": "8.5.50", "versionStartIncluding": "8.5.48"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53B6CAAC-0977-446D-B503-3F93550206F5", "versionEndIncluding": "9.0.30", "versionStartIncluding": "9.0.28"}, {"criteria": "cpe:2.3:a:apache:tomee:7.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A7AAD10-F3A5-46F1-8C38-ECB0E1DDA184"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD"}, {"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34B80C9D-62AA-42FA-AB46-F8A414FCBE5E", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5F58398-0001-42FE-BD17-44F924955C3D"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:7.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "456AE11C-DD5B-4EA9-AA93-AAFC988830EB"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464", "versionEndIncluding": "17.3", "versionStartIncluding": "17.1"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A3BBE71-CA00-4F54-9210-FC7572C87CFB", "versionEndIncluding": "4.0.12"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73573516-EDA0-4176-A3ED-2F7006C87F8E", "versionEndIncluding": "8.0.20", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58642E0-CA59-4DE6-A83C-F551FC621C32"}, {"criteria": "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD848FE1-CFD7-490C-B008-DF3B30F3256F"}, {"criteria": "cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "630C8E99-FE49-486E-9003-40B82809B7A3"}, {"criteria": "cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C842DE9E-5E12-4295-AFA5-DEB5FEDE490A"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}