官方郵件原文:
http://mail-archives.apache.org/mod_mbox/www-announce/201502.mbox/%[email protected]%3E
CVE編碼:CVE-2014-0227
漏洞名稱:Request Smuggling
危害程度:重要!
影響的版本包括:
- - Apache Tomcat 8.0.0-RC1 to 8.0.8
- - Apache Tomcat 7.0.0 to 7.0.54
- - Apache Tomcat 6.0.0 to 6.0.41
漏洞描述:
通過在chucked請求中包含一個非正常的chunk數據有可能導致Tomcat將該請求的部分數據當成一個新請求。
解決辦法:
(受到影響的用戶應儘快升級Tomcat軟件到下列版本)
- - Upgrade to Apache Tomcat 8.0.9 or later
- - Upgrade to Apache Tomcat 7.0.55 or later
- - Upgrade to Apache Tomcat 6.0.43 or later
(6.0.42 contains the fix but was not released)