{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T04:53:10.943","vulnerabilities":[{"cve":{"id":"CVE-2019-17569","sourceIdentifier":"security@apache.org","published":"2020-02-24T22:15:11.903","lastModified":"2024-11-21T04:32:33.027","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely."},{"lang":"es","value":"La refactorización presente en Apache Tomcat versiones 9.0.28 hasta 9.0.30, versiones 8.5.48 hasta 8.5.50 y versiones 7.0.98 hasta 7.0.99, introdujo una regresión. El resultado de la regresión fue que los encabezados Transfer-Encoding no válidos fueron procesados incorrectamente, conllevando a una posibilidad de Tráfico No Autorizado de Peticiones HTTP si Tomcat se encontraba detrás de un proxy inverso que manejaba incorrectamente el encabezado Transfer-Encoding no válido de una manera particular. Tal proxy inverso es considerado improbable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.98","versionEndIncluding":"7.0.99","matchCriteriaId":"8B3485F0-C7F0-4468-85FD-9C4A12FD3DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.48","versionEndIncluding":"8.5.50","matchCriteriaId":"DCD8AFD6-3763-4D03-AC4F-66C7B649D7B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.28","versionEndIncluding":"9.0.30","matchCriteriaId":"53B6CAAC-0977-446D-B503-3F93550206F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomee:7.0.7:*:*:*:*:*:*:*","matchCriteriaId":"7A7AAD10-F3A5-46F1-8C38-ECB0E1DDA184"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF46487-B64A-454E-AECC-D74B83170ACD"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.1.3","matchCriteriaId":"34B80C9D-62AA-42FA-AB46-F8A414FCBE5E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*","matchCriteriaId":"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*","matchCriteriaId":"ED43772F-D280-42F6-A292-7198284D6FE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*","matchCriteriaId":"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"0DB23B9A-571E-4B77-B432-23F3DC9B67D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F5F58398-0001-42FE-BD17-44F924955C3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:health_sciences_empirica_signal:7.3.3:*:*:*:*:*:*:*","matchCriteriaId":"456AE11C-DD5B-4EA9-AA93-AAFC988830EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1A3DC116-2844-47A1-BEC2-D0675DD97148"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1","versionEndIncluding":"17.3","matchCriteriaId":"9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.12","matchCriteriaId":"9A3BBE71-CA00-4F54-9210-FC7572C87CFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.20","matchCriteriaId":"73573516-EDA0-4176-A3ED-2F7006C87F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*","matchCriteriaId":"A58642E0-CA59-4DE6-A83C-F551FC621C32"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"AD848FE1-CFD7-490C-B008-DF3B30F3256F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*","matchCriteriaId":"630C8E99-FE49-486E-9003-40B82809B7A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*","matchCriteriaId":"C842DE9E-5E12-4295-AFA5-DEB5FEDE490A"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200327-0005/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4673","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4680","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200327-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4673","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4680","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}