Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | * | 6.0.39 (including) |
Tomcat | Apache | 6 (including) | 6 (including) |
Tomcat | Apache | 6.0 (including) | 6.0 (including) |
Tomcat | Apache | 6.0.0 (including) | 6.0.0 (including) |
Tomcat | Apache | 6.0.0-alpha (including) | 6.0.0-alpha (including) |
Tomcat | Apache | 6.0.1 (including) | 6.0.1 (including) |
Tomcat | Apache | 6.0.1-alpha (including) | 6.0.1-alpha (including) |
Tomcat | Apache | 6.0.2 (including) | 6.0.2 (including) |
Tomcat | Apache | 6.0.2-alpha (including) | 6.0.2-alpha (including) |
Tomcat | Apache | 6.0.2-beta (including) | 6.0.2-beta (including) |
Tomcat | Apache | 6.0.3 (including) | 6.0.3 (including) |
Tomcat | Apache | 6.0.4 (including) | 6.0.4 (including) |
Tomcat | Apache | 6.0.4-alpha (including) | 6.0.4-alpha (including) |
Tomcat | Apache | 6.0.5 (including) | 6.0.5 (including) |
Tomcat | Apache | 6.0.6 (including) | 6.0.6 (including) |
Tomcat | Apache | 6.0.6-alpha (including) | 6.0.6-alpha (including) |
Tomcat | Apache | 6.0.7 (including) | 6.0.7 (including) |
Tomcat | Apache | 6.0.7-alpha (including) | 6.0.7-alpha (including) |
Tomcat | Apache | 6.0.7-beta (including) | 6.0.7-beta (including) |
Tomcat | Apache | 6.0.8 (including) | 6.0.8 (including) |
Tomcat | Apache | 6.0.8-alpha (including) | 6.0.8-alpha (including) |
Tomcat | Apache | 6.0.9 (including) | 6.0.9 (including) |
Tomcat | Apache | 6.0.9-beta (including) | 6.0.9-beta (including) |
Tomcat | Apache | 6.0.10 (including) | 6.0.10 (including) |
Tomcat | Apache | 6.0.11 (including) | 6.0.11 (including) |
Tomcat | Apache | 6.0.12 (including) | 6.0.12 (including) |
Tomcat | Apache | 6.0.13 (including) | 6.0.13 (including) |
Tomcat | Apache | 6.0.14 (including) | 6.0.14 (including) |
Tomcat | Apache | 6.0.15 (including) | 6.0.15 (including) |
Tomcat | Apache | 6.0.16 (including) | 6.0.16 (including) |
Tomcat | Apache | 6.0.17 (including) | 6.0.17 (including) |
Tomcat | Apache | 6.0.18 (including) | 6.0.18 (including) |
Tomcat | Apache | 6.0.19 (including) | 6.0.19 (including) |
Tomcat | Apache | 6.0.20 (including) | 6.0.20 (including) |
Tomcat | Apache | 6.0.24 (including) | 6.0.24 (including) |
Tomcat | Apache | 6.0.26 (including) | 6.0.26 (including) |
Tomcat | Apache | 6.0.27 (including) | 6.0.27 (including) |
Tomcat | Apache | 6.0.28 (including) | 6.0.28 (including) |
Tomcat | Apache | 6.0.29 (including) | 6.0.29 (including) |
Tomcat | Apache | 6.0.30 (including) | 6.0.30 (including) |
Tomcat | Apache | 6.0.31 (including) | 6.0.31 (including) |
Tomcat | Apache | 6.0.32 (including) | 6.0.32 (including) |
Tomcat | Apache | 6.0.33 (including) | 6.0.33 (including) |
Tomcat | Apache | 6.0.35 (including) | 6.0.35 (including) |
Tomcat | Apache | 6.0.36 (including) | 6.0.36 (including) |
Tomcat | Apache | 6.0.37 (including) | 6.0.37 (including) |