Without knowing which vulnerability is being tested for and how the
vulnerability is being tested for, I don't think anyone here will be able
to help.
A (cleartext) tcpdump of the associated request(s) and response(s) would
also be helpful.
Mark
On 05/07/2023 17:51, James Boggs wrote:
Hi,
We have Apache Tomcat 0.0.73 installed on a Windows Server 2019 o/s
which has a Request Smuggling vulnerability being reported in a BURP
scan.
Here Tomcat documentation reports Request Smuggling has been fixed in
9.0.68, so we don’t understand why it would still be reported using 9.0.73.
Any insights on this?
We have been told the proxy in use only supports HTTP1, so HTTP2 is not
an option.
V/r,
James Boggs | Senior DBA/SA