ELA-1028-1 tomcat8 security update

2024-01-04
Package: tomcat8
Version: 8.5.54-0+deb9u14 (stretch)
Related CVEs: CVE-2023-46589


An improper input validation vulnerability was discovered in Apache Tomcat. Tomcat did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.
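A parser avoids treating one request as several by failing closed: once the trailer section exceeds its limit, the connection is dropped instead of parsing on from the remaining bytes. The Python sketch below is an added example, not Tomcat's code and not part of this advisory; `read_chunked`, `CloseConnection` and the 8192-byte limit are assumptions chosen for illustration.

```python
MAX_TRAILER_BYTES = 8192  # assumed limit for this example only
HEX = b"0123456789abcdefABCDEF"


class CloseConnection(Exception):
    """Message framing is unknown: drop the connection, never reuse it."""


def read_chunked(buf, max_trailer=MAX_TRAILER_BYTES):
    """Parse one chunked message at the start of buf.

    Returns (body, trailers, rest). rest may go to the request parser
    only when this function returns normally.
    """
    body, pos = b"", 0
    while True:  # chunk loop
        eol = buf.find(b"\r\n", pos)
        if eol < 0:
            raise CloseConnection("incomplete chunk-size line")
        token = buf[pos:eol].split(b";", 1)[0].strip()
        if not token or any(c not in HEX for c in token):
            raise CloseConnection("bad chunk size")
        size, pos = int(token, 16), eol + 2
        if size == 0:
            break
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise CloseConnection("chunk data not terminated by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    trailers, start = {}, pos
    while True:  # trailer section: field lines, then an empty line
        eol = buf.find(b"\r\n", pos)
        seen = (eol if eol >= 0 else len(buf)) - start
        if seen > max_trailer:
            # Oversized trailers are fatal, not skippable: nothing after
            # this point has a trustworthy message boundary.
            raise CloseConnection("trailer section exceeds limit")
        if eol < 0:
            raise CloseConnection("incomplete trailer section")
        line, pos = buf[pos:eol], eol + 2
        if not line:
            return body, trailers, buf[pos:]
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():
            raise CloseConnection("malformed trailer field")
        trailers[name.decode("latin-1").lower()] = value.strip().decode("latin-1")
```

A caller that catches `CloseConnection` should send an error response if it can and close the socket, so a reverse proxy in front of it cannot reuse the connection for another client's request.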

The update for Debian 8 “jessie” is pending.



For Debian 9 “stretch”, this problem has been fixed in version 8.5.54-0+deb9u14.

We recommend that you upgrade your tomcat8 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.