Without knowing which vulnerability is being tested for, and how it is being tested for, I don't think anyone here will be able to help.

A (cleartext) tcpdump of the associated request(s) and response(s) would also be helpful.

Mark


On 05/07/2023 17:51, James Boggs wrote:
Hi,

We have Apache Tomcat 9.0.73 installed on a Windows Server 2019 OS, which has a Request Smuggling vulnerability being reported in a Burp scan.

The Tomcat documentation reports Request Smuggling has been fixed in 9.0.68, so we don't understand why it would still be reported using 9.0.73.

Any insights on this?

We have been told the proxy in use only supports HTTP/1, so HTTP/2 is not an option.

V/r,

James Boggs | Senior DBA/SA
RightDirection Technology Solutions, LLC


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org