CVSS 3.1 Score 5.3 of 10 (medium)


Published Oct 10, 2023
Updated: Nov 4, 2023


CVE-2023-45648 is an Improper Input Validation vulnerability in Apache Tomcat. It affects Tomcat versions 11.0.0-M1 through 11.0.0-M11, 10.1.0-M1 through 10.1.13, 9.0.0-M1 through 9.0.81, and 8.5.0 through 8.5.93. This vulnerability allows for request smuggling when behind a reverse proxy due to the incorrect parsing of HTTP trailer headers by Tomcat. To remediate this issue, users are advised to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards, or 8.5.94 onwards, as these versions contain the necessary fixes for the vulnerability to be resolved.

This vulnerability has a risk score of 29 and is classified as medium severity according to the base score of 5.3 provided by rating system.

The potential danger this vulnerability poses to an organization is the possibility of request smuggling attacks that could lead to unauthorized access or information disclosure within the affected systems using Apache Tomcat versions mentioned above.

The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-20 (Improper Input Validation), which highlights the nature of the flaw in handling input validation within Apache Tomcat's HTTP trailer headers parsing mechanism.

It is worth noting that there is no available analysis description provided for this specific CVE at present.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-45648 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options