CVE-2021-33037 Apache Tomcat HTTP request smuggling

Article ID: 225893

Updated On:

Products

CA Identity Manager, CA Identity Suite

Issue/Introduction

As per the link below, Tomcat is vulnerable to HTTP request smuggling.

http://mail-archives.us.apache.org/mod_mbox/www-announce/202107.mbox/%3Cd050b202-b64e-bc6f-a630-2dd83202f23a%40apache.org%3E

The Tomcat version that came integrated with CABI 7.1.1 is vulnerable.

What is the process for upgrading Tomcat from 8.5.30 to 8.5.68 or higher?

Environment

Release : 14.3

Component :

Resolution

Download the most recent minor release of Tomcat 8.5.X from the below link:

https://tomcat.apache.org/download-80.cgi

For upgrading the minor version you can try the below steps before doing a reinstall.

1) Back up your current Tomcat directory -- just in case
2) Download and extract the new version to a local directory
3) Stop Tomcat
4) Replace the files in /old-tomcat/lib with files from /new-tomcat/lib
5) Start Tomcat
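
The steps above as a shell script, with a version check so that a download older than 8.5.68 is refused. This is an added example, not vendor-supplied code; the function names and the use of `bin/shutdown.sh` and `bin/startup.sh` (rather than a service wrapper) are assumptions, and `java` must be on the PATH.

```shell
#!/bin/sh
# Added example, not vendor code. Run as: script /old-tomcat /new-tomcat
set -eu
MIN_FIXED="8.5.68"   # minimum version named in this article

# version_ge A B: succeeds when dotted version A >= B (numeric per field).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$2" ]
}

# tomcat_version DIR: prints e.g. 8.5.30, read from DIR/lib/catalina.jar by
# Tomcat's own ServerInfo class (the same call bin/version.sh makes).
tomcat_version() {
  java -cp "$1/lib/catalina.jar" org.apache.catalina.util.ServerInfo |
    sed -n 's/^Server number:[[:space:]]*\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p'
}

# swap_lib OLD NEW: steps 1 and 4. Copies OLD to a timestamped backup, then
# replaces OLD/lib wholesale so no jar from the old release is left behind.
# Prints the backup path.
swap_lib() {
  sl_old=${1%/}
  sl_backup="$sl_old.bak.$(date +%Y%m%d%H%M%S)"
  cp -Rp "$sl_old" "$sl_backup"
  rm -rf "$sl_old/lib"
  cp -Rp "$2/lib" "$sl_old/lib"
  printf '%s\n' "$sl_backup"
}

# dropped_files BACKUP OLD: names present in the backup's lib but absent from
# the new lib (old version-named jars, or jars a product added, such as drivers).
dropped_files() {
  for df in "$1"/lib/*; do
    [ -e "$2/lib/$(basename "$df")" ] || basename "$df"
  done
}

upgrade() {
  version_ge "$(tomcat_version "$2")" "$MIN_FIXED" ||
    { echo "new Tomcat is older than $MIN_FIXED, refusing" >&2; return 1; }
  "$1/bin/shutdown.sh"              # step 3, done first so the backup is consistent
  up_backup=$(swap_lib "$1" "$2")   # steps 1 and 4
  echo "backup: $up_backup; files not carried over:"; dropped_files "$up_backup" "$1"
  "$1/bin/startup.sh"               # step 5
  echo "lib is now Tomcat $(tomcat_version "$1")"
}

if [ "$#" -eq 2 ]; then upgrade "$1" "$2"; fi
```

Any jar listed as not carried over that the application still needs can be copied back from the backup's `lib` directory before starting Tomcat.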

Reference the below guide from Apache for further information:

https://wiki.eveoh.nl/pages/viewpage.action?pageId=40730656