CVE-2020-1935 - Medium Severity Vulnerability
Vulnerable Libraries - tomcat-embed-core-8.5.34.jar, tomcat-embed-core-7.0.37.jar, tomcat-embed-core-7.0.0.jar, tomcat-embed-core-8.0.41.jar, tomcat-embed-core-8.5.35.jar
tomcat-embed-core-8.5.34.jar
Core Tomcat implementation
Library home page: https://tomcat.apache.org/
Path to dependency file: /dd-java-agent/instrumentation/spring-webmvc-3.1/spring-webmvc-3.1.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.5.34/a038040d68a90397f95dd1e11b979fe364a5000f/tomcat-embed-core-8.5.34.jar
Dependency Hierarchy:
- spring-boot-starter-web-1.5.17.RELEASE.jar (Root Library)
- spring-boot-starter-tomcat-1.5.17.RELEASE.jar
- ❌ tomcat-embed-core-8.5.34.jar (Vulnerable Library)
tomcat-embed-core-7.0.37.jar
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /dd-java-agent/instrumentation/jsp-2.3/jsp-2.3.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.37/13754cedeae4b94451b4563111fad71dab9ae619/tomcat-embed-core-7.0.37.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.37/13754cedeae4b94451b4563111fad71dab9ae619/tomcat-embed-core-7.0.37.jar
Dependency Hierarchy:
- ❌ tomcat-embed-core-7.0.37.jar (Vulnerable Library)
tomcat-embed-core-7.0.0.jar
Core Tomcat implementation
Path to dependency file: /dd-java-agent/instrumentation/java-concurrent/lambda-testing/lambda-testing.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar,/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar
Dependency Hierarchy:
- ❌ tomcat-embed-core-7.0.0.jar (Vulnerable Library)
tomcat-embed-core-8.0.41.jar
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-3/request-3.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.0.41/b686e91f23f870ed9db2720bd159f30c5d3974a4/tomcat-embed-core-8.0.41.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.0.41/b686e91f23f870ed9db2720bd159f30c5d3974a4/tomcat-embed-core-8.0.41.jar
Dependency Hierarchy:
- ❌ tomcat-embed-core-8.0.41.jar (Vulnerable Library)
tomcat-embed-core-8.5.35.jar
Core Tomcat implementation
Path to dependency file: /dd-smoke-tests/springboot/springboot.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.5.35/9c459829e1aa72669203dbbf6648dc3b6314644c/tomcat-embed-core-8.5.35.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.5.35/9c459829e1aa72669203dbbf6648dc3b6314644c/tomcat-embed-core-8.5.35.jar
Dependency Hierarchy:
- spring-boot-starter-web-1.5.18.RELEASE.jar (Root Library)
- spring-boot-starter-tomcat-1.5.18.RELEASE.jar
- ❌ tomcat-embed-core-8.5.35.jar (Vulnerable Library)
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Vulnerability Details
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
Publish Date: 2020-02-24
URL: CVE-2020-1935
CVSS 3 Score Details (4.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-6v7p-v754-j89v
Release Date: 2020-02-24
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 8.5.51
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.0.0.RELEASE
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 8.5.51
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.0.0.RELEASE
⛑️ Automatic Remediation is available for this issue
CVE-2020-1935 - Medium Severity Vulnerability
tomcat-embed-core-8.5.34.jar
Core Tomcat implementation
Library home page: https://tomcat.apache.org/
Path to dependency file: /dd-java-agent/instrumentation/spring-webmvc-3.1/spring-webmvc-3.1.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.5.34/a038040d68a90397f95dd1e11b979fe364a5000f/tomcat-embed-core-8.5.34.jar
Dependency Hierarchy:
tomcat-embed-core-7.0.37.jar
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /dd-java-agent/instrumentation/jsp-2.3/jsp-2.3.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.37/13754cedeae4b94451b4563111fad71dab9ae619/tomcat-embed-core-7.0.37.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.37/13754cedeae4b94451b4563111fad71dab9ae619/tomcat-embed-core-7.0.37.jar
Dependency Hierarchy:
tomcat-embed-core-7.0.0.jar
Core Tomcat implementation
Path to dependency file: /dd-java-agent/instrumentation/java-concurrent/lambda-testing/lambda-testing.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar,/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar
Dependency Hierarchy:
tomcat-embed-core-8.0.41.jar
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /dd-java-agent/instrumentation/servlet/request-3/request-3.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.0.41/b686e91f23f870ed9db2720bd159f30c5d3974a4/tomcat-embed-core-8.0.41.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.0.41/b686e91f23f870ed9db2720bd159f30c5d3974a4/tomcat-embed-core-8.0.41.jar
Dependency Hierarchy:
tomcat-embed-core-8.5.35.jar
Core Tomcat implementation
Path to dependency file: /dd-smoke-tests/springboot/springboot.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.5.35/9c459829e1aa72669203dbbf6648dc3b6314644c/tomcat-embed-core-8.5.35.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.5.35/9c459829e1aa72669203dbbf6648dc3b6314644c/tomcat-embed-core-8.5.35.jar
Dependency Hierarchy:
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
Publish Date: 2020-02-24
URL: CVE-2020-1935
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-6v7p-v754-j89v
Release Date: 2020-02-24
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 8.5.51
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.0.0.RELEASE
Fix Resolution (org.apache.tomcat.embed:tomcat-embed-core): 8.5.51
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.0.0.RELEASE
⛑️ Automatic Remediation is available for this issue