CVE-2023-46589 in Oracle MySQL Enterprise Monitorinfo

Summary

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

Reservation

10/23/2023

Disclosure

11/28/2023

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
251256	Oracle MySQL Enterprise Monitor input validation	20	Not defined	Official fix	CVE-2023-46589
251039	Oracle Communications Policy Management CMP request smuggling	444	Not defined	Official fix	CVE-2023-46589
250950	Oracle Commerce Guided Search Content Acquisition System input validation	20	Not defined	Official fix	CVE-2023-46589
250948	Oracle Graph Server and Client Packaging request smuggling	444	Not defined	Official fix	CVE-2023-46589
250943	Oracle Big Data Spatial and Graph Big Data Graph request smuggling	444	Not defined	Official fix	CVE-2023-46589
246308	Apache Tomcat HTTP Trailer Header request smuggling	444	Not defined	Official fix	CVE-2023-46589

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!