QID 150732

Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation.

Multiple versions of Apache Tomcat are affected by the following vulnerabilities:

CVE-2023-42795: When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.

CVE-2023-44487: Tomcat's HTTP/2 implementation was vulnerable to the rapid reset attack. The denial of service typically manifested as an OutOfMemoryError.

CVE-2023-45648: Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

Affected Versions:
Apache Tomcat 11.0.0-M1 to 11.0.0-M11
Apache Tomcat 10.1.0-M1 to 10.1.13
Apache Tomcat 9.0.0-M1 to 9.0.80
Apache Tomcat 8.5.0 to 8.5.93

QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to a invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.

Successful exploitation of this vulnerability could result in Denial of Service (DoS) attack or reveal sensitive information to an unauthorized attacker.