{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T00:06:44.210","vulnerabilities":[{"cve":{"id":"CVE-2021-33037","sourceIdentifier":"security@apache.org","published":"2021-07-12T15:15:08.400","lastModified":"2024-11-21T06:08:10.320","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding."},{"lang":"es","value":"Apache Tomcat versiones 10.0.0-M1 hasta 10.0.6, versiones 9.0.0.M1 hasta 9.0.46 y versiones 8.5.0 hasta 8.5.66, no analizaban correctamente el encabezado de petición HTTP transfer-encoding en algunas circunstancias, conllevando a la posibilidad de contrabando de peticiones cuando se usaba con un proxy inverso. Específicamente: - Tomcat ignoraba incorrectamente el encabezado de codificación de transferencia si el cliente declaraba que sólo aceptaría una respuesta HTTP/1.0; - Tomcat honraba la codificación de identificación; y - Tomcat no se aseguraba de que, si estaba presente, la codificación en trozos fuera la codificación final"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndIncluding":"8.5.66","matchCriteriaId":"A733D5AD-3CD1-4D8E-8114-00EE3C39AF59"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartExcluding":"9.0.0","versionEndIncluding":"9.0.46","matchCriteriaId":"201299B5-52B5-4845-A9E5-22A533A935A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartExcluding":"10.0.0","versionEndIncluding":"10.0.6","matchCriteriaId":"C73FF8E1-9BE4-404F-B88C-AB7DBF25168E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomee:8.0.6:*:*:*:*:*:*:*","matchCriteriaId":"BD41F07F-EDA1-45B1-8BB4-2918918527D3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*","matchCriteriaId":"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*","matchCriteriaId":"4479F76A-4B67-41CC-98C7-C76B81050F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*","matchCriteriaId":"0AB059F2-FEC4-4180-8A90-39965495055E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.5.0.2","matchCriteriaId":"590ADE5F-0D0F-4576-8BA6-828758823442"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*","matchCriteriaId":"C4A94B36-479F-48F2-9B9E-ACEA2589EF48"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*","matchCriteriaId":"5312AC7A-3C16-4967-ACA6-317289A749D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D7B49D71-6A31-497A-B6A9-06E84F086E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.2.4.0","matchCriteriaId":"9B7C949D-0AB3-4566-9096-014C82FC1CF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.2.4","matchCriteriaId":"1FDBAD8E-C926-4D6F-9FD2-B0428980D6DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*","versionEndExcluding":"21.4","matchCriteriaId":"29312DB7-AFD2-459E-A166-95437ABED12C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"523391D8-CB84-4EBD-B337-6A99F52E537F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*","matchCriteriaId":"05F5B430-8BA1-4865-93B5-0DE89F424B53"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","matchCriteriaId":"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","matchCriteriaId":"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","matchCriteriaId":"7F69B9A5-F21B-4904-9F27-95C0F7A628E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A2E3E923-E2AD-400D-A618-26ADF7F841A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9AB58D27-37F2-4A32-B786-3490024290A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.25","matchCriteriaId":"88627B99-16DC-4878-A63A-A40F6FC1F477"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*","matchCriteriaId":"77E39D5C-5EFA-4FEB-909E-0A92004F2563"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*","matchCriteriaId":"06816711-7C49-47B9-A9D7-FB18CC3F42F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*","matchCriteriaId":"9DA11710-9EA8-49B4-8FD1-3AEE442F6ADC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A3ED272C-A545-4F8C-86C0-2736B3F2DCAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C5B4C338-11E1-4235-9D5A-960B2711AC39"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"8C93F84E-9680-44EF-8656-D27440B51698"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.0","matchCriteriaId":"A30F7908-5AF6-4761-BC6A-4C18EFAE48E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*","matchCriteriaId":"0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*","matchCriteriaId":"7B00DDE7-7002-45BE-8EDE-65D964922CB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*","matchCriteriaId":"DB88C165-BB24-49FB-AAF6-087A766D5AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*","matchCriteriaId":"FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*","matchCriteriaId":"7DE847E0-431D-497D-9C57-C4E59749F6A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*","matchCriteriaId":"46385384-5561-40AA-9FDE-A2DE4FDFAD3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*","matchCriteriaId":"B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*","matchCriteriaId":"9E4E5481-1070-4E1F-8679-1985DE4E785A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*","matchCriteriaId":"D9EEA681-67FF-43B3-8610-0FA17FD279E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*","matchCriteriaId":"C33BA8EA-793D-4E79-BE9C-235ACE717216"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*","matchCriteriaId":"823DBE80-CB8D-4981-AE7C-28F3FDD40451"}]}]}],"references":[{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10366","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-34","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210827-0007/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-4952","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10366","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-34","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210827-0007/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2021/dsa-4952","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}