What is CVE-2019-17569?

CVE-2019-17569 is a vulnerability in Apache Tomcat. Published 2020-02-24.

Is CVE-2019-17569 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Tomcat

CVE-2019-17569

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possi…

EPSS: 0.062 (91.0th percentile) — read the EPSS interpretation.

Affected products

Apache Tomcat — versions Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50, 7.0.98 to 7.0.99

Public proof-of-concept exploits

References

[tomcat-announce] 20200224 [SECURITY] CVE-2019-17569 HTTP Request Smuggling (mailing-list, x_refsource_MLIST)
[debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update (mailing-list, x_refsource_MLIST)
openSUSE-SU-2020:0345 (vendor-advisory, x_refsource_SUSE)
[tomee-commits] 20200320 [jira] [Created] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 & CVE-2019-17569 vulnerabilities (mailing-list, x_refsource_MLIST)
[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2790) TomEE plus(7.0.7) is affected by CVE-2020-1935 & CVE-2019-17569 vulnerabilities (mailing-list, x_refsource_MLIST)
DSA-4673 (vendor-advisory, x_refsource_DEBIAN)
DSA-4680 (vendor-advisory, x_refsource_DEBIAN)
www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20200327-0005/ (x_refsource_CONFIRM)
www.oracle.com/security-alerts/cpuoct2020.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-17569?: CVE-2019-17569 is a vulnerability in Apache Tomcat. Published 2020-02-24.
Is CVE-2019-17569 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.