Hello,

I was sent this information; I hope it meets your expectations.

-----------------------------------------------------------------------------------------
Request 1
GET / HTTP/1.1
Host: rplans.army.mil
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="113", "Chromium";v="113"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 61
Cookie: ai_user=zah6PVBAYp+ILUaHTr/CZn|2023-06-27T16:40:26.575Z; ai_session=4yP6RgcdmaqsiFQJVdym6I|1687884026682|1687884026682; _ga=GA1.2.1707569457.1687904638; _gid=GA1.2.1713949416.1687904638; _gat=1

GET /j6pnv4c5dp?j6pnv4c5dp=j6pnv4c5dp HTTP/1.1
X: kyhzap9frc
Response 1
HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://rplans.army.mil/
Date: Wed, 28 Jun 2023 01:37:07 GMT
Connection: Keep-Alive
Request 2
GET / HTTP/1.1
Host: rplans.army.mil
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="113", "Chromium";v="113"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 61
Cookie: ai_user=zah6PVBAYp+ILUaHTr/CZn|2023-06-27T16:40:26.575Z; ai_session=4yP6RgcdmaqsiFQJVdym6I|1687884026682|1687884026682; _ga=GA1.2.1707569457.1687904638; _gid=GA1.2.1713949416.1687904638; _gat=1

GET /j6pnv4c5dp?j6pnv4c5dp=j6pnv4c5dp HTTP/1.1
X: kyhzap9frc
Response 2
HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://rplans.army.mil/j6pnv4c5dp?j6pnv4c5dp=j6pnv4c5dp
Date: Wed, 28 Jun 2023 01:37:09 GMT
Connection: Keep-Alive
-------------------------------------------------------------------------------------------------------------------------

V/r,


James Boggs | Senior DBA/SA | Mobile: 571-337-0535
“Trust, Integrity, Loyalty to Our Customers, Employees and Partner”
VA Verified (SDVOSB) | SBA Certified 8(a) | SB | SDB | MBE/DBE (MD) | SWaM (VA)
ISO 9001:2015|ISO/IEC 20000-1:2018|ISO/IEC 27001:2013|
CMMI-DEV Level 3 Appraised |
GSA Schedule Holder: IT-70#:GS35F237AA
GSA 8(a) STARS III#: 47QTCB21D0030
CIO-SP3 Contract#: HHSN316201800033W(SDVOSB)
CIO-SP3 Contract#: HHSN316201800054W(HUBZone) 
Seaport-NXG Contract#: N00178-19-D-8420
eFAST Contract#: DTFAWA-13-A-00074
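
As an added triage helper (not part of this thread or of Tomcat), the script below parses the two captured exchanges above and reports what a defender needs before attributing the finding: whether the declared Content-Length covers the body byte-for-byte, whether that body is itself a request line (the scanner's embedded probe), whether the next response on the connection echoes the embedded path, and which Server header answered. The sample messages are reconstructed from the capture with only the headers the check needs; function names are my own.

```python
import re

# Constructed from the capture quoted above, trimmed to the headers the check uses.
REQUEST_1 = (
    "GET / HTTP/1.1\r\n"
    "Host: rplans.army.mil\r\n"
    "Content-Length: 61\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
    "GET /j6pnv4c5dp?j6pnv4c5dp=j6pnv4c5dp HTTP/1.1\r\n"
    "X: kyhzap9frc"
)
RESPONSE_2 = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: AkamaiGHost\r\n"
    "Content-Length: 0\r\n"
    "Location: https://rplans.army.mil/j6pnv4c5dp?j6pnv4c5dp=j6pnv4c5dp\r\n"
    "\r\n"
)


def parse_message(raw):
    """Split a raw HTTP/1.1 message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def triage_cl0_probe(request_raw, next_response_raw):
    """Observations for judging a Content-Length-based smuggling report from a capture."""
    _, req_headers, body = parse_message(request_raw)
    declared = int(req_headers.get("content-length", "0"))
    # A body that starts with its own request line is the scanner's embedded probe.
    m = re.match(r"^([A-Z]+) (\S+) HTTP/1\.[01]\r?\n", body)
    embedded_path = m.group(2) if m else None
    status, resp_headers, _ = parse_message(next_response_raw)
    location = resp_headers.get("location", "")
    return {
        "content_length_matches_body": declared == len(body.encode()),
        "embedded_request": embedded_path is not None,
        # True when the next response was generated for the embedded request, i.e.
        # the responding hop ignored Content-Length and parsed the body as request 2.
        "next_response_echoes_embedded_path": bool(embedded_path) and location.endswith(embedded_path),
        "responding_server": resp_headers.get("server", ""),  # which hop actually answered
        "next_status": status,
    }
```

The responding Server value tells you which hop produced the 301, which is the first thing to establish before looking at the Tomcat version at all.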


-----Original Message-----
From: Mark Thomas <ma...@apache.org> 
Sent: Wednesday, July 5, 2023 12:59 PM
To: users@tomcat.apache.org
Subject: Re: Apache Tomcat request smuggling in 9.0.68?

Without knowing which vulnerability is being tested for and how the 
vulnerability is being tested for I don't think anyone here will be able to 
help.

A (cleartext) tcpdump of the associated request(s) and response(s) would also 
be helpful.

Mark


On 05/07/2023 17:51, James Boggs wrote:
> Hi,
> 
> We have Apache Tomcat 0.0.73 installed on a Windows Server 2019 o/s 
> which has a Request Smuggling vulnerability being reported in a 
> BURP scan.
> 
> The Tomcat documentation reports that Request Smuggling was fixed in 
> 9.0.68, so we don't understand why it would still be reported using 9.0.73.
> 
> Any insights on this?
> 
> We have been told the proxy in use only supports HTTP1, so HTTP2 is 
> not an option.
> 
> V/r,
> 
> James Boggs
> 
