Details
-
Suggestion
-
Resolution: Unresolved
-
0
-
Description
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false.
Jira 8.20 versions before 8.20.15 and 9.4 versions before 9.4.1 are potentially vulnerable and should be updated to latest version in branch.
Attachments
Issue Links
- is cloned from
-
CONFSERVER-81074 Upgrade Tomcat to 9.0.68 or later to address CVE-2022-42252
- Closed