Details of VAR-202107-1593

ID

VAR-202107-1593

CVE

CVE-2021-33037

TITLE

Apache Tomcat In HTTP Request Smuggling Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003000

DESCRIPTION

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. It exists that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079). Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 5.6.0 Security release Advisory ID: RHSA-2021:4861-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:4861 Issue date: 2021-11-30 CVE Names: CVE-2021-30640 CVE-2021-33037 CVE-2021-42340 ==================================================================== 1. Summary: Updated Red Hat JBoss Web Server 5.6.0 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 5.6 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.6 for RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS (CVE-2021-42340) * tomcat: HTTP request smuggling when used with a reverse proxy (CVE-2021-33037) * tomcat: JNDI realm authentication weakness (CVE-2021-30640) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat JBoss Web Server 5.6 for RHEL 7 Server: Source: jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.src.rpm jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.src.rpm noarch: jws5-tomcat-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-java-jdk11-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-java-jdk8-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el7jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.30-3.redhat_3.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el7jws.x86_64.rpm Red Hat JBoss Web Server 5.6 for RHEL 8: Source: jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.src.rpm jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.src.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.src.rpm noarch: jws5-tomcat-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-vault-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-vault-javadoc-1.1.8-4.Final_redhat_00004.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.50-3.redhat_00004.1.el8jws.noarch.rpm x86_64: jws5-tomcat-native-1.2.30-3.redhat_3.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.30-3.redhat_3.el8jws.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-30640 https://access.redhat.com/security/cve/CVE-2021-33037 https://access.redhat.com/security/cve/CVE-2021-42340 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYaaMntzjgjWX9erEAQibyg/9E3I1wMpKriqTZKlf1tGcPt4wShPVNKMh B4PC8t1vBZJZ2VBMrQJdmYBUKRn3mccCqUxd0ey/UfsacIoKvAACr18iXCxYc4cO MeNqy7SWRO+Kwze2fYpBu7w5dR34yhUQAN8DAOui7DduZsS209X7WhShrLSjzF5j g+nhRCi4l5QRwcy7NF4TAhmAN7f819BwDHQJI/ttaOHqEwsDnOlPNKbV0X4Hlkf5 5VRD/8ArImD7tqpSs/9YVh34MJLCVmVkWgHBDY0I06LcRSQJoRBZDEkoPRHQxU26 hKH5oDaVezm92RFFqfwo2HHY6eGJc/qTTcd/WeW4RDfx49+ARsOt2kvO2XcEo45A iUue2MayqnfdQHRI7MMNaaWoNudI2MVBcbQYhkTZcgApZEmtCe4taeo0YUvFqUeJ N1Awh8QIN5vqA7wKdtrHiQCMx/6/fqi3VtKN3LZEuUiRMM/sueqc1yob6piuU4Vk nyHP0ULSyMYnrzoqKN1BwbobRYyXKbVR376qMtxhLMe71PXg26TgDC9seUnooNum XgcRIdc7Q2WyGaFLxGE5fS0/7FagX/etRlg9DIHi27NVl0WXgmFVLC2ZumjfSoms FgQUTPwa2Bt90Oat2u7vnB5MBvCR0+OAAsM8TK/cn/31F697MMTI6Qloiq2DDOt4 2c2PkIZ6XrY=6RkQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4952-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 09, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat9 CVE ID : CVE-2021-30640 CVE-2021-33037 Debian Bug : 991046 Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, bypass of logout restrictions or authentications using variations of a valid user name. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u5. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmERmLEACgkQEMKTtsN8 TjZeMw/9Em+a8hxIgfV6m8svrekc9scclTwKifFNjMU8JPwRHiK/jP7jpz8mwO4W AiEe+TaIiEhlqjg41G2b7P/2cxJlB2Uetf16dvajv9kZA4MjMVDTXiDKvuqo5uVg zT7lkwU6jaMDGUd/unZZTwk8jh4imrF11fLCL6bQciwBdDAuiMDiioW526XwK/5u oUfdu1SJphXNQSkq/d6R7eTOurryFxYrrBswUUsYF5Dk4NhtNuR6pLsRmLVo3sO1 490C/MxLuL/vDMY/5ycqUcBu9JQ4hOADDUClUFcx4/U9soMCTbxsc4OGVlqJAK4W +IeVNO6Y+miHkQCoeqP3deq+ZCwiHaaPR4Y+pZHmGaSvnG7akG8ZJATZWUB/YdU4 DnNlGxgaIIqxHSZcht9ExSTufwjNiYGCQeuBPVhOsh+DDk4l1m1JJN+5nUwB9/id SRV3ZmlRLwJu0YcZPdtogrgmfUgpI3rr+M0t+nERDo3gJ5qQIT2shCNjQaNSEcx8 ko/6aELWC546FlncPCjEpCNDGqsEn7BYOzf18JRqlD1/NPYM+eBa1grXqBdYj9oa Fyl69bY8YU7V8l/aEDvrPDMDStvIvaK2MFtdPvpUQRvU71iuY37CtM5AaaGyOl95 zyNSHUvLzXNOpEWUMTgNKTmTmbRTkCSW71GCgRaVuLthzHN2Bic= =WmYc -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Apache Tomcat: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #773571, #801916, #818160, #855971 ID: 202208-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/tomcat < 8.5.82:8.5 >= 8.5.82:8.5 < 9.0.65:9 >= 9.0.65:9 < 10.0.23:10 >= 10.0.23:10 Description ========== Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache Tomcat 10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10" All Apache Tomcat 9.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9" All Apache Tomcat 8.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5" References ========= [ 1 ] CVE-2021-25122 https://nvd.nist.gov/vuln/detail/CVE-2021-25122 [ 2 ] CVE-2021-25329 https://nvd.nist.gov/vuln/detail/CVE-2021-25329 [ 3 ] CVE-2021-30639 https://nvd.nist.gov/vuln/detail/CVE-2021-30639 [ 4 ] CVE-2021-30640 https://nvd.nist.gov/vuln/detail/CVE-2021-30640 [ 5 ] CVE-2021-33037 https://nvd.nist.gov/vuln/detail/CVE-2021-33037 [ 6 ] CVE-2021-42340 https://nvd.nist.gov/vuln/detail/CVE-2021-42340 [ 7 ] CVE-2022-34305 https://nvd.nist.gov/vuln/detail/CVE-2022-34305 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-34 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4

Trust: 2.88

sources: NVD: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-393050 // VULMON: CVE-2021-33037 // PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 169105 // PACKETSTORM: 168127 // PACKETSTORM: 167841

AFFECTED PRODUCTS

vendor:	日立	model:	ucosminexus application server	scope:	-	version:	-	Trust: 1.6
vendor:	日立	model:	ucosminexus primary server base	scope:	-	version:	-	Trust: 1.6
vendor:	日立	model:	ucosminexus service platform	scope:	-	version:	-	Trust: 1.6
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.5.0	Trust: 1.0
vendor:	oracle	model:	managed file transfer	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	gte	version:	8.5.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	graph server and client	scope:	lt	version:	21.4	Trust: 1.0
vendor:	mcafee	model:	epolicy orchestrator	scope:	lt	version:	5.10.0	Trust: 1.0
vendor:	oracle	model:	mysql enterprise monitor	scope:	lte	version:	8.0.25	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.6	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	utilities testing accelerator	scope:	eq	version:	6.0.0.1.1	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	lte	version:	10.0.6	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	gt	version:	9.0.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.3	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	gt	version:	10.0.0	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	lte	version:	9.0.46	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	communications policy management	scope:	eq	version:	12.5.0	Trust: 1.0
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.6	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	9.1	Trust: 1.0
vendor:	oracle	model:	managed file transfer	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	lte	version:	8.5.66	Trust: 1.0
vendor:	oracle	model:	communications cloud native core policy	scope:	eq	version:	1.14.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.2	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0.2	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.4.0	Trust: 1.0
vendor:	oracle	model:	communications pricing design center	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	8.2.4	Trust: 1.0
vendor:	oracle	model:	communications cloud native core service communication proxy	scope:	eq	version:	1.14.0	Trust: 1.0
vendor:	oracle	model:	hospitality cruise shipboard property management system	scope:	eq	version:	20.1.0	Trust: 1.0
vendor:	apache	model:	tomee	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	utilities testing accelerator	scope:	eq	version:	6.0.0.3.1	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.1	Trust: 1.0
vendor:	mcafee	model:	epolicy orchestrator	scope:	eq	version:	5.10.0	Trust: 1.0
vendor:	oracle	model:	utilities testing accelerator	scope:	eq	version:	6.0.0.2.2	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	日本電気	model:	addpoint	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	connexive edge device management	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	iot データストア	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server standard	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	webotx	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer standard	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	cosminexus application server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	nec 自動応答	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	simpwright	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	cosminexus developer professional	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	webotx application server	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	connexive pf	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	elastic matcher	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server-r	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	secureware/clm	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	tomee	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	tomcat	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications diameter signaling router	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	cosminexus application server standard	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center common services	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	esmpro/servermanager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	cosminexus developer standard	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	infocage	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	cosminexus developer light	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server standard-r	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	enterpriseidentitymanager	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	webotx developer	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	retrieem	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer professional	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer professional for plug-in	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-003000 // NVD: CVE-2021-33037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33037
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-33037
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-681
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-393050
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-33037
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33037
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-393050
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33037
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33037
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393050 // VULMON: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-681 // NVD: CVE-2021-33037

PROBLEMTYPE DATA

problemtype:	CWE-444	Trust: 1.1
problemtype:	HTTP Request Smuggling (CWE-444) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393050 // JVNDB: JVNDB-2021-003000 // NVD: CVE-2021-33037

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-681

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	hitachi-sec-2021-140	url:	https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E	Trust: 0.8
title:	Apache Tomcat Remediation measures for environmental problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178517	Trust: 0.6
title:	Amazon Linux AMI: ALAS-2021-1535	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1535	Trust: 0.1
title:	Debian Security Advisories: DSA-4952-1 tomcat9 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=34a8611657c60f45f0bee7f033163917	Trust: 0.1
title:	Debian CVElist Bug Report Logs: tomcat9: CVE-2021-33037 CVE-2021-30640 CVE-2021-30639	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c76b2125cc2898e046bae42a78fc87ed	Trust: 0.1
title:	Red Hat: Important: Red Hat support for Spring Boot 2.5.10 update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221179 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2021-33037	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-33037	Trust: 0.1
title:	Ubuntu Security Notice: USN-5360-1: Tomcat vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5360-1	Trust: 0.1
title:	Hitachi Security Advisories: Vulnerability in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-140	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.11.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225532 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-134	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-33037	Trust: 0.1

sources: VULMON: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // CNNVD: CNNVD-202107-681

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33037	Trust: 4.0
db:	MCAFEE	id:	SB10366	Trust: 1.8
db:	PACKETSTORM	id:	168127	Trust: 0.8
db:	PACKETSTORM	id:	165112	Trust: 0.8
db:	JVN	id:	JVNVU91880022	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-003000	Trust: 0.8
db:	PACKETSTORM	id:	166707	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021072907	Trust: 0.6
db:	CS-HELP	id:	SB2022012750	Trust: 0.6
db:	CS-HELP	id:	SB2021081231	Trust: 0.6
db:	CS-HELP	id:	SB2021113014	Trust: 0.6
db:	CS-HELP	id:	SB2021101943	Trust: 0.6
db:	CS-HELP	id:	SB2021090824	Trust: 0.6
db:	CS-HELP	id:	SB2022011911	Trust: 0.6
db:	CS-HELP	id:	SB2022012307	Trust: 0.6
db:	CS-HELP	id:	SB2022042210	Trust: 0.6
db:	CS-HELP	id:	SB2021092919	Trust: 0.6
db:	CS-HELP	id:	SB2022040522	Trust: 0.6
db:	CS-HELP	id:	SB2021080808	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2676	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4028	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2664	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3924	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3688	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2359	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3531	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2647	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1404	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-681	Trust: 0.6
db:	PACKETSTORM	id:	165117	Trust: 0.2
db:	SEEBUG	id:	SSVID-99316	Trust: 0.1
db:	VULHUB	id:	VHN-393050	Trust: 0.1
db:	VULMON	id:	CVE-2021-33037	Trust: 0.1
db:	PACKETSTORM	id:	169105	Trust: 0.1
db:	PACKETSTORM	id:	167841	Trust: 0.1

sources: VULHUB: VHN-393050 // VULMON: CVE-2021-33037 // JVNDB: JVNDB-2021-003000 // PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 169105 // PACKETSTORM: 168127 // PACKETSTORM: 167841 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-681 // NVD: CVE-2021-33037

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.4
url:	https://security.gentoo.org/glsa/202208-34	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33037	Trust: 1.9
url:	https://security.netapp.com/advisory/ntap-20210827-0007/	Trust: 1.8
url:	https://www.debian.org/security/2021/dsa-4952	Trust: 1.8
url:	https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3cannounce.tomcat.apache.org%3e	Trust: 1.8
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html	Trust: 1.8
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10366	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2021-33037	Trust: 1.0
url:	https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7@%3ccommits.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262@%3ccommits.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2@%3ccommits.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b@%3ccommits.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97@%3ccommits.tomee.apache.org%3e	Trust: 0.8
url:	https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37@%3ccommits.tomee.apache.org%3e	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91880022/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021113014	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3924	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2359	Trust: 0.6
url:	https://packetstormsecurity.com/files/165112/red-hat-security-advisory-2021-4863-06.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022040522	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080808	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4028	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb20220422102	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021090824	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2664	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6493299	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6497115	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3531	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012750	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1404	Trust: 0.6
url:	https://packetstormsecurity.com/files/166707/red-hat-security-advisory-2022-1179-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2647	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-tomcat-hiding-via-request-encoding-35862	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101943	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2676	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3688	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011911	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012307	Trust: 0.6
url:	https://packetstormsecurity.com/files/168127/gentoo-linux-security-advisory-202208-34.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6485649	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092919	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072907	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021081231	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30640	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-30640	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42340	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-42340	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-3859	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3642	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3629	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-41079	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25122	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10366	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/444.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-33037	Trust: 0.1
url:	https://alas.aws.amazon.com/alas-2021-1535.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5360-1	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.5/html/release_notes_for_spring_boot_2.5/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20289	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3859	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3597	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20289	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3597	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.spring.boot&version=2.5.10	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3629	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3642	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1179	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41079	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4861	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4863	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/tomcat9	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34305	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25329	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30639	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29582	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-40690	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0084	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-25122	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22060	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22573	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-2471	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-26336	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22119	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-24122	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22569	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22970	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7020	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22119	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23913	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-35517	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-35516	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33813	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21724	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22950	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22932	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22978	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-25329	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4178	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22096	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3807	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-38153	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15250	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15250	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43797	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22096	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22976	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22573	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7020	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22968	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1319	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24614	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25689	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22569	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23596	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25689	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-24122	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36090	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23221	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22060	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21363	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9484	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43859	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-26520	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-2471	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-42550	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9484	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29505	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29582	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36518	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1259	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-35515	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:5532	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3644	Trust: 0.1

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 166707 // PACKETSTORM: 165117 // PACKETSTORM: 165112 // PACKETSTORM: 167841

SOURCES

db:	VULHUB	id:	VHN-393050
db:	VULMON	id:	CVE-2021-33037
db:	JVNDB	id:	JVNDB-2021-003000
db:	PACKETSTORM	id:	166707
db:	PACKETSTORM	id:	165117
db:	PACKETSTORM	id:	165112
db:	PACKETSTORM	id:	169105
db:	PACKETSTORM	id:	168127
db:	PACKETSTORM	id:	167841
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-681
db:	NVD	id:	CVE-2021-33037

LAST UPDATE DATE

2024-08-14T13:06:32.520000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393050	date:	2022-10-27T00:00:00
db:	VULMON	id:	CVE-2021-33037	date:	2022-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-003000	date:	2022-12-13T07:04:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-681	date:	2022-08-23T00:00:00
db:	NVD	id:	CVE-2021-33037	date:	2023-11-07T03:35:46.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393050	date:	2021-07-12T00:00:00
db:	VULMON	id:	CVE-2021-33037	date:	2021-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-003000	date:	2021-10-14T00:00:00
db:	PACKETSTORM	id:	166707	date:	2022-04-13T15:02:31
db:	PACKETSTORM	id:	165117	date:	2021-12-01T16:38:47
db:	PACKETSTORM	id:	165112	date:	2021-12-01T16:37:47
db:	PACKETSTORM	id:	169105	date:	2021-08-28T19:12:00
db:	PACKETSTORM	id:	168127	date:	2022-08-22T16:02:30
db:	PACKETSTORM	id:	167841	date:	2022-07-27T17:27:19
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-681	date:	2021-07-12T00:00:00
db:	NVD	id:	CVE-2021-33037	date:	2021-07-12T15:15:08.400