{"vulnerability": "CVE-2022-42252", "sightings": [{"uuid": "2bc895bb-c642-4eec-9352-b5888cc1f831", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42252", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15134", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42252\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-06T15:09:20.374Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq\n2. https://security.gentoo.org/glsa/202305-37", "creation_timestamp": "2025-05-06T15:21:31.000000Z"}]}