[java-sig-commits] [Bug 1397484] New: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests

https://bugzilla.redhat.com/show_bug.cgi?id=1397484 Bug ID: 1397484 Summary: CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: aileenc(a)redhat.com, alee(a)redhat.com, aszczucz(a)redhat.com, bbaranow(a)redhat.com, bdawidow(a)redhat.com, bgollahe(a)redhat.com, bmaxwell(a)redhat.com, ccoleman(a)redhat.com, cdewolf(a)redhat.com, chazlett(a)redhat.com, csutherl(a)redhat.com, dandread(a)redhat.com, darran.lofthouse(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, dosoudil(a)redhat.com, epp-bugs(a)redhat.com, felias(a)redhat.com, fnasser(a)redhat.com, gzaronik(a)redhat.com, hchiorea(a)redhat.com, hfnukal(a)redhat.com, hhorak(a)redhat.com, ivan.afonichev(a)gmail.com, jason.greene(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jawilson(a)redhat.com, jboss-set(a)redhat.com, jclere(a)redhat.com, jcoleman(a)redhat.com, jdg-bugs(a)redhat.com, jdoyle(a)redhat.com, jgoulding(a)redhat.com, jialiu(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, jolee(a)redhat.com, jorton(a)redhat.com, jpallich(a)redhat.com, jshepherd(a)redhat.com, kanderso(a)redhat.com, krzysztof.daniel(a)gmail.com, lgao(a)redhat.com, lmeyer(a)redhat.com, mbabacek(a)redhat.com, mbaluch(a)redhat.com, me(a)coolsvap.net, miburman(a)redhat.com, mizdebsk(a)redhat.com, mmccomas(a)redhat.com, mnewsome(a)redhat.com, mweiler(a)redhat.com, myarboro(a)redhat.com, nwallace(a)redhat.com, ohudlick(a)redhat.com, pavelp(a)redhat.com, pgier(a)redhat.com, psakar(a)redhat.com, pslavice(a)redhat.com, rnetuka(a)redhat.com, rsvoboda(a)redhat.com, rzima(a)redhat.com, spinder(a)redhat.com, theute(a)redhat.com, trick(a)vanstaveren.us, ttarrant(a)redhat.com, twalsh(a)redhat.com, vhalbert(a)redhat.com, vtunka(a)redhat.com, weli(a)redhat.com The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. Affects: 6.0.0 to 6.0.47, 7.0.0 to 7.0.72, 8.0.0.RC1 to 8.0.38, 8.5.0 to 8.5.6 Upstream patches: Tomcat 6.0.48: https://svn.apache.org/viewvc?view=rev&rev=1767683 Tomcat 7.0.73: http://svn.apache.org/viewvc?view=rev&rev=1767675 Tomcat 8.0.39: http://svn.apache.org/viewvc?view=rev&rev=1767653 Tomcat 8.5.8: http://svn.apache.org/viewvc?view=rev&rev=1767645 External References: https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48 https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8 -- You are receiving this mail because: You are on the CC list for the bug.