
Spectrum Jasper 6.4.3 - Apache Tomcat HTTP Request Smuggling (CVE-2020-1935)


Article ID: 200358


Updated On:


CA Spectrum CA eHealth


Jasper version: 6.4.3

Tomcat version:
Server version: Apache Tomcat/8.5.24

Our internal security team identified a vulnerability on Jasper (Spectrum) Tomcat: "Apache Tomcat HTTP Request Smuggling (CVE-2020-1935)".

Apache Tomcat HTTP Request Smuggling (CVE-2020-1935)


"Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation.

HTTP Request Smuggling vulnerability exists if Apache Tomcat is located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner.

Affected Versions:
Apache Tomcat 9.0.0.M1 to 9.0.30
Apache Tomcat 8.5.0 to 8.5.50
Apache Tomcat 7.0.0 to 7.0.99

QID Detection Logic:
The QID checks for vulnerable version by sending a GET /QUALYS13812 HTTP/1.0 request which helps in retrieving the installed version of Apache Tomcat in the banner of the response."

Exploitation of the vulnerability could lead to HTTP request smuggling.


Jasper Version is 6.4.3

Tomcat version: Apache Tomcat/8.5.24

The scanner report lists Apache Tomcat 8.5.0 to 8.5.50 under vulnerable versions, so the Tomcat 8.5.24 bundled with Jasper 6.4.3 falls inside the affected range.
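The same version-in-range check can be reproduced locally, for example to confirm what a reinstalled Tomcat reports. This is an added example, not part of the original article or the scanner's own code; the function names are hypothetical and the sample strings other than the 8.5.24 line are constructed.

```python
import re

# Affected ranges exactly as listed in the scanner report quoted above (inclusive).
# 9.0.0.M1 is the first 9.0.0 milestone, so every 9.0.0.Mx build maps to (9, 0, 0).
AFFECTED_RANGES = [
    ((9, 0, 0), (9, 0, 30)),
    ((8, 5, 0), (8, 5, 50)),
    ((7, 0, 0), (7, 0, 99)),
]

# Matches the version in a response banner or in a "Server version:" line.
_VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_tomcat_version(text):
    """Return (major, minor, patch) found in text, or None if no Tomcat version is present."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True or False for a parsed version; None when the string carries no version."""
    version = parse_tomcat_version(text)
    if version is None:
        return None  # banner suppressed or not Tomcat: the string alone decides nothing
    # Tuple comparison is numeric per field, so 7.0.100 sorts after 7.0.99.
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    samples = [
        "Server version: Apache Tomcat/8.5.24",  # value reported in this article
        "Apache Tomcat/9.0.0.M1",                # constructed: milestone build
        "Apache Tomcat/8.5.51",                  # constructed: just above the listed range
        "Apache Tomcat/7.0.100",                 # constructed: three-digit patch level
        "Server: nginx",                         # constructed: no Tomcat version at all
    ]
    for line in samples:
        print(f"{line!r:45} affected={is_affected(line)}")
```

The result reflects only the version string the server reports, which an administrator can customise or suppress, so a `None` or `False` here is not proof that the underlying Tomcat is outside the affected ranges.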


Release : 10.4

Component : OneClick Report Manager / Jaspersoft / CABI



Step 1:

Export the data

Import and export data in Jasper Reports Server



Step 2:

Uninstall Jasper

Uninstall CA Business Intelligence JasperReports Server


Step 3:

Install Jasper with a custom Tomcat version

Follow the steps given in the link below:

JasperServer GUI Installation

In Step 8, choose Custom Install:

If a different version of Apache Tomcat is required, select Custom Install. In subsequent steps, the location and/or connection information about one or both of these pre-installed components must be provided. If a custom install is preferred, select Custom Install, then click Next (skip to section Custom Installation below to continue).



Step 4:

Import the Data

Import and export data in Jasper Reports Server