Skip to main content

CVE-2019-17569 - incorrect transfer-encoding handling



A refactoring in Tomcat introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.


Apache Tomcat & Apache TomEE

Versions affected

Apache Tomcat

Tomcat 6.x
Tomcat 7.x
7.0.0 to 7.0.99
Tomcat 8.0.x
Tomcat 8.5.x
8.5.0 to 8.5.50
Tomcat 9.x
9.0.0.M1 to

Apache TomEE

TomEE 1.7.x
TomEE 7.0.x
7.0.0-M1 to 7.0.7
TomEE 7.1.x
7.1.0 to 7.1.2
TomEE 8.0.x
8.0.0-M1 to 8.0.1
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.