Hi,

We have Apache Tomcat 0.0.73 installed on a Windows Server 2019 o/s which 
has a Request Smuggling vulnerability being reported in a BURP scan.
Here Tomcat documentation reports Request Smuggling has been fixed in 9.0.68, 
so we don't understand why it would still be reported using 9.0.73.
Any insights on this?
We have been told the proxy in use only supports HTTP1, so HTTP2 is not an 
option.

V/r,

James Boggs | Senior DBA/SA | Mobile: 571-337-0535