Broadcom API Gateway 10.1 : CVE-2022-42252 Apache Tomcat Vulnerabilities
search cancel

Broadcom API Gateway 10.1 : CVE-2022-42252 Apache Tomcat Vulnerabilities


Article ID: 258443


Updated On:


CA API Gateway


CVE-2022-42252 : If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header



Release: 10.1


CVE-2022-4225 is a security vulnerability that affects certain versions of the Apache Tomcat Servlet Container. 
The vulnerability is related to the way the Tomcat container processes certain headers in HTTP requests.
An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Tomcat server. 
This could allow the attacker to inject malicious code into the server, potentially leading to a complete compromise of the system.


Broadcom API Gateway 10.1 uses Apache Tomcat version 9.0.62, which was reported to be a release affected by this vulnerability.
However, the API Gateway product is NOT affected because it is not explicitly setting the 'rejectIllegalHeader' attribute.

This means that the vulnerability cannot be exploited against API Gateway 10.1 product