Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. CVE-2024-24549 Denial of Service due to im ...