What is CVE-2023-45648?

CVE-2023-45648 is a vulnerability in Apache Software Foundation Tomcat, classified under Improper Input Validation. Published 2023-10-10.

Is CVE-2023-45648 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Software Foundation Tomcat

CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A s…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.621 (98.4th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Tomcat — versions 11.0.0-M1, 10.1.0-M1, 9.0.0-M1

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp (vendor-advisory)

Frequently asked questions

What is CVE-2023-45648?: CVE-2023-45648 is a vulnerability in Apache Software Foundation Tomcat, classified under Improper Input Validation. Published 2023-10-10.
Is CVE-2023-45648 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.