ELA-1076-1 tomcat7 security update

request smuggling

2024-04-26
Package: tomcat7
Version: 7.0.56-3+really7.0.109-1+deb8u6 (jessie)
Related CVEs: CVE-2023-46589


Norihito Aimoto of OSSTech Corporation discovered a security vulnerability in the Tomcat servlet and JSP engine.

A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.



For Debian 8 jessie, these problems have been fixed in version 7.0.56-3+really7.0.109-1+deb8u6.

We recommend that you upgrade your tomcat7 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.