Why does Tomcat return 400 status after updating to mitigate CVE-2016-6816?

Solution Verified - Updated -


  • Tomcat returns a 400 status to my client after updating to mitigate CVE-2016-6816


  • JBoss Web Server (JWS) 3.1
    • tomcat7
    • tomcat8
  • JBoss Enterprise Application Platform (EAP) 6.4.13+
  • Red Hat Enterprise Linux (RHEL) 6
    • tomcat6
  • Red Hat Enterprise Linux (RHEL) 7
    • tomcat

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In