Rewterz Threat Advisory – CVE-2023-46589 – Apache Tomcat Vulnerability

Rewterz Threat Alert – APT37 Aka ScarCruft or RedEyes – Active IOCs

November 29, 2023

Rewterz Threat Alert – IcedID Banking Trojan aka BokBot – Active IOCs

November 29, 2023

Rewterz Threat Advisory – CVE-2023-46589 – Apache Tomcat Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-46589

Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially crafted HTTP(S) trailer header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.

Impact

Gain Access

Indicators Of Compromise

CVE

CVE-2023-46589

Affected Vendors

Apache

Affected Products

Apache Tomcat 8.5.0
Apache Tomcat 9.0.0-M1
Apache Tomcat 10.1.0-M1
Apache Tomcat 11.0.0-M1
Apache Tomcat 11.0.0-M10
Apache Tomcat 8.5.95
Apache Tomcat 9.0.82
Apache Tomcat 10.1.15

Remediation

Upgrade to the latest version of Apache Tomcat, available from the Apache Web site.

Apache Website

Rewterz Threat Alert – APT37 Aka ScarCruft or RedEyes – Active IOCs

Rewterz Threat Alert – IcedID Banking Trojan aka BokBot – Active IOCs

Rewterz Threat Advisory – CVE-2023-46589 – Apache Tomcat Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan