Uploaded image for project: 'Talend Component Kit'
  1. Talend Component Kit
  2. TCOMP-2295

Upgrade tomcat to 9.0.68

Apply templateInsert Lucidchart Diagram
    XMLWordPrintable

Details

    • GreenHopper Ranking:
      0|i2labn:
    • 9223372036854775807

    Description

      HTTP Request Smuggling in Talend/component-runtime (master)

      Issue Details

      • Vulnerability: HTTP Request Smuggling
      • Severity: Medium
      • Project: Talend/component-runtime
      • Branch: master
      • Scan Date: Unknown

      Issue Description

      Tomcat Coyote is vulnerable to http request smuggling. The vulnerability exists in the `parseHeader` function of `Http11InputBuffer.java` because tomcat doesn't properly reject the requests containing invalid Content-Length headers which allows an attacker to smuggle HTTP requests.

      View more details

      Attachments

        Activity

          People

            Unassigned Unassigned
            pteyssier pierre teyssier
            emmanuel gallois
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: