vulnerability

Ubuntu: USN-7032-1 (CVE-2023-46589): Tomcat vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:C/A:N)	Nov 28, 2023	Sep 26, 2024	Apr 16, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:N)

Published

Nov 28, 2023

Added

Sep 26, 2024

Modified

Apr 16, 2026

Description

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single
request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.

Older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

Solutions

ubuntu-pro-upgrade-libtomcat8-embed-javaubuntu-pro-upgrade-libtomcat8-javaubuntu-pro-upgrade-libtomcat9-embed-javaubuntu-pro-upgrade-libtomcat9-javaubuntu-upgrade-libtomcat9-embed-javaubuntu-upgrade-libtomcat9-java

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report