View all vulnerabilities

CVE-2023-45648

Apache Tomcat Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
5.3
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Versions
org.apache.tomcat:tomcat >= 11.0.0-M1 < 11.0.0-M12; org.apache.tomcat:tomcat >= 10.1.0-M1 < 10.1.14; org.apache.tomcat:tomcat >= 9.0.0-M1 < 9.0.81; org.apache.tomcat:tomcat >= 8.5.0 < 8.5.94; org.apache.tomcat.embed:tomcat-embed-core >= 11.0.0-M1 < 11.0.0-M12; org.apache.tomcat.embed:tomcat-embed-core >= 10.1.0-M1 < 10.1.14; org.apache.tomcat.embed:tomcat-embed-core >= 9.0.0-M1 < 9.0.81; org.apache.tomcat.embed:tomcat-embed-core >= 8.5.0 < 8.5.94
Severity
Medium
Ecosystem
Publish Date
October 10, 2023
Modified Date
August 8, 2025