Request header parsing fails in some cases with Tomcat 9.0.31

Bug #1913384 reported by Sebastian
This bug affects 5 people
Affects           Status      Importance   Assigned to   Milestone
tomcat9 (Ubuntu)  Confirmed   Undecided    Unassigned

Bug Description

Request header parsing fails with Tomcat 9 in some cases. This bug has been reported and fixed upstream already: https://bz.apache.org/bugzilla/show_bug.cgi?id=64210. It's marked as P2 critical in the Tomcat bug tracker. Would it be possible to get this fix backported to the Tomcat 9 package in Ubuntu 20.04?

$ apt-cache policy tomcat9
tomcat9:
  Installed: 9.0.31-1ubuntu0.1
  Candidate: 9.0.31-1ubuntu0.1
  Version table:
 *** 9.0.31-1ubuntu0.1 500
        500 http://fi.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
        500 http://fi.archive.ubuntu.com/ubuntu focal-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     9.0.31-1 500
        500 http://fi.archive.ubuntu.com/ubuntu focal/universe amd64 Packages

Sebastian (slovdahl)
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tomcat9 (Ubuntu):
status: New → Confirmed
Evren Yurtesen (eyurtese-g) wrote :

I think we hit the same problem. I have installed `9.0.41-1` tomcat packages from [hirsute] and the problem disappeared. Can you please upgrade the tomcat package version in Ubuntu 20.04 repository?

Per Lundberg (perlun) wrote :

Here are some more details about this, from the Tomcat 9.0 changelog: https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html. Tomcat 9.0.33 introduces the fix:

> 64210: Correct a regression in the improvements to HTTP header validation that caused requests to be incorrectly treated as invalid if a CRLF sequence was split between TCP packets. Improve validation of request lines, including for HTTP/0.9 requests. (markt)

The exact upstream commit which has the fix is available here: https://github.com/apache/tomcat/commit/27a0c116e02ba9cd66873ded0e64b8c0fec2bc19
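As an added illustration of the failure mode that changelog entry describes (constructed example code, not Tomcat's parser and not the upstream fix), the Python below contrasts a header parser that waits for a complete CRLF before judging a line with one that decides per TCP read and therefore rejects a legitimate request whenever the packet boundary falls between the CR and the LF. The request bytes, the host name example.test, and the class and function names are all assumptions made for the example.

```python
"""Streaming HTTP/1.1 header parsing when a CRLF is split between TCP reads.

Constructed illustration (added here; not Tomcat's code) of the failure mode
named in the Tomcat 9.0.33 changelog entry for bug 64210: the CR and LF of a
line terminator arriving in different TCP segments.  BufferedHeaderParser keeps
unconsumed bytes until a full CRLF is present; NaiveHeaderParser judges each
read on its own and rejects a segment that ends in a bare CR, which turns a
valid request into an "invalid" one depending only on packet boundaries.
"""
from typing import Dict, List, Optional, Tuple

CRLF = b"\r\n"
# Header field names are tokens: no whitespace or separators (RFC 7230 section 3.2).
TOKEN_CHARS = frozenset(
    b"!#$%&'*+-.^_`|~0123456789"
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
)


class InvalidRequest(ValueError):
    """Raised when the byte stream cannot be a valid HTTP/1.1 request head."""


class BufferedHeaderParser:
    """Accumulates bytes across reads; only CRLF-terminated lines are interpreted."""

    def __init__(self) -> None:
        self._buf = bytearray()
        self.request_line: Optional[Tuple[str, str, str]] = None
        self.headers: Dict[str, str] = {}
        self.done = False

    def feed(self, chunk: bytes) -> bool:
        """Consume one TCP read; return True once the blank line ending the head is seen."""
        self._buf += chunk
        while not self.done:
            end = self._buf.find(CRLF)
            if end < 0:
                # No complete line yet.  A trailing bare CR is not an error here:
                # its LF may simply be in the next segment, so wait for more data.
                return False
            line = bytes(self._buf[:end])
            del self._buf[: end + len(CRLF)]
            self._consume_line(line)
        return True

    def _consume_line(self, line: bytes) -> None:
        # A line that ends in CRLF must contain no bare CR or LF (RFC 7230 section 3.5).
        if b"\r" in line or b"\n" in line:
            raise InvalidRequest("bare CR or LF inside a line")
        try:
            if self.request_line is None:
                parts = line.split(b" ")
                if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
                    raise InvalidRequest("malformed request line: %r" % line)
                self.request_line = tuple(p.decode("ascii") for p in parts)
            elif line == b"":
                self.done = True
            else:
                name, sep, value = line.partition(b":")
                if not sep or not name or not all(c in TOKEN_CHARS for c in name):
                    raise InvalidRequest("malformed header field: %r" % line)
                self.headers[name.decode("ascii").lower()] = value.strip(b" \t").decode("latin-1")
        except UnicodeDecodeError as exc:
            raise InvalidRequest("non-ASCII bytes in request head") from exc


class NaiveHeaderParser(BufferedHeaderParser):
    """Decides per read instead of per line.  Constructed to reproduce the symptom
    from the changelog (a request rejected only because of where a packet boundary
    fell); it is not a transcript of the Tomcat regression."""

    def feed(self, chunk: bytes) -> bool:
        if chunk.endswith(b"\r"):
            # Wrong: this CR is the first half of a CRLF whose LF is still in flight.
            raise InvalidRequest("bare CR at end of read")
        return super().feed(chunk)


def parse_segments(parser_cls, segments: List[bytes]):
    """Feed the TCP segments in order; return (request_line, headers) once complete."""
    parser = parser_cls()
    for segment in segments:
        if parser.feed(segment):
            return parser.request_line, parser.headers
    raise InvalidRequest("stream ended before the header block was complete")


def split_after_first_cr(request: bytes) -> List[bytes]:
    """Cut the request so that segment one ends with the CR of the first CRLF."""
    cut = request.find(b"\r") + 1
    return [request[:cut], request[cut:]]


# Constructed sample request; example.test is a reserved, non-routable name.
SAMPLE_REQUEST = (b"GET /index.html HTTP/1.1\r\n"
                  b"Host: example.test\r\n"
                  b"Accept: */*\r\n"
                  b"\r\n")
EXPECTED = (("GET", "/index.html", "HTTP/1.1"),
            {"host": "example.test", "accept": "*/*"})


def classify(parser_cls, segments: List[bytes]) -> str:
    """'ok' if the head parses to EXPECTED, 'rejected' if the parser calls it invalid."""
    try:
        return "ok" if parse_segments(parser_cls, segments) == EXPECTED else "mismatch"
    except InvalidRequest:
        return "rejected"


if __name__ == "__main__":
    whole = [SAMPLE_REQUEST]
    split = split_after_first_cr(SAMPLE_REQUEST)
    print("one segment  buffered:", classify(BufferedHeaderParser, whole),
          " naive:", classify(NaiveHeaderParser, whole))
    print("CRLF split   buffered:", classify(BufferedHeaderParser, split),
          " naive:", classify(NaiveHeaderParser, split))
```

Running the script shows both parsers accepting the request when it arrives in one segment and only the buffered parser accepting it when the first read ends on the CR. The point for anyone maintaining a protocol parser is that a bare CR can only be diagnosed once the following byte has been read, so validation has to operate on complete lines held in a buffer, never on the boundaries of individual reads.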
