| Package | tomcat8 |
|---|---|
| Version | 8.0.14-1+deb8u28 (jessie) |
| Related CVEs | CVE-2023-46589 |
Norihito Aimoto of OSSTech Corporation discovered a security vulnerability in the Tomcat servlet and JSP engine.
A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.
For Debian 8 jessie, these problems have been fixed in version 8.0.14-1+deb8u28.
We recommend that you upgrade your tomcat8 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.