CVE-2023-45648

Summary

CVE-2023-45648 is an Improper Input Validation vulnerability in Apache Tomcat. It affects Tomcat versions 11.0.0-M1 through 11.0.0-M11, 10.1.0-M1 through 10.1.13, 9.0.0-M1 through 9.0.81, and 8.5.0 through 8.5.93. This vulnerability allows for request smuggling when behind a reverse proxy due to the incorrect parsing of HTTP trailer headers by Tomcat. To remediate this issue, users are advised to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards, or 8.5.94 onwards, as these versions contain the necessary fixes for the vulnerability to be resolved. This vulnerability has a risk score of 29 and is classified as medium severity according to the base score of 5.3 provided by [email protected] rating system. The potential danger this vulnerability poses to an organization is the possibility of request smuggling attacks that could lead to unauthorized access or information disclosure within the affected systems using Apache Tomcat versions mentioned above. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-20 (Improper Input Validation), which highlights the nature of the flaw in handling input validation within Apache Tomcat's HTTP trailer headers parsing mechanism. It is worth noting that there is no available analysis description provided for this specific CVE at present.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.