Lucene search

RedhatCVE-2010-2227

HistoryJul 13, 2010 - 5:30 p.m.

CVE-2010-2227

2010-07-1317:30:03

CWE-119

redhat

web.nvd.nist.gov

cve-2010-2227

apache tomcat

denial of service

sensitive information disclosure

application outage

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

4.4

Confidence

High

EPSS

0.594

Percentile

97.8%

JSON

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with “recycling of a buffer.”

Affected configurations

Nvd

Node

apachetomcatMatch5.5.0

apachetomcatMatch5.5.1

apachetomcatMatch5.5.2

apachetomcatMatch5.5.3

apachetomcatMatch5.5.4

apachetomcatMatch5.5.5

apachetomcatMatch5.5.6

apachetomcatMatch5.5.7

apachetomcatMatch5.5.8

apachetomcatMatch5.5.9

apachetomcatMatch5.5.10

apachetomcatMatch5.5.11

apachetomcatMatch5.5.12

apachetomcatMatch5.5.13

apachetomcatMatch5.5.14

apachetomcatMatch5.5.15

apachetomcatMatch5.5.16

apachetomcatMatch5.5.17

apachetomcatMatch5.5.18

apachetomcatMatch5.5.19

apachetomcatMatch5.5.20

apachetomcatMatch5.5.21

apachetomcatMatch5.5.22

apachetomcatMatch5.5.23

apachetomcatMatch5.5.24

apachetomcatMatch5.5.25

apachetomcatMatch5.5.26

apachetomcatMatch5.5.27

apachetomcatMatch5.5.28

apachetomcatMatch5.5.29

Node

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.9

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.24

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

Node

apachetomcatMatch7.0.0beta

VendorProductVersionCPE
apachetomcat5.5.0cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
apachetomcat5.5.1cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
apachetomcat5.5.2cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
apachetomcat5.5.3cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
apachetomcat5.5.4cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
apachetomcat5.5.5cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
apachetomcat5.5.6cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
apachetomcat5.5.7cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
apachetomcat5.5.8cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
apachetomcat5.5.9cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	5.5.0	cpe:2.3:a:apache:tomcat:5.5.0:::::::*
apache	tomcat	5.5.1	cpe:2.3:a:apache:tomcat:5.5.1:::::::*
apache	tomcat	5.5.2	cpe:2.3:a:apache:tomcat:5.5.2:::::::*
apache	tomcat	5.5.3	cpe:2.3:a:apache:tomcat:5.5.3:::::::*
apache	tomcat	5.5.4	cpe:2.3:a:apache:tomcat:5.5.4:::::::*
apache	tomcat	5.5.5	cpe:2.3:a:apache:tomcat:5.5.5:::::::*
apache	tomcat	5.5.6	cpe:2.3:a:apache:tomcat:5.5.6:::::::*
apache	tomcat	5.5.7	cpe:2.3:a:apache:tomcat:5.5.7:::::::*
apache	tomcat	5.5.8	cpe:2.3:a:apache:tomcat:5.5.8:::::::*
apache	tomcat	5.5.9	cpe:2.3:a:apache:tomcat:5.5.9:::::::*

Rows per page:

1-10 of 551

References

geronimo.apache.org/21x-security-report.html

geronimo.apache.org/22x-security-report.html

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

marc.info/?l=bugtraq&m=129070310906557&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

secunia.com/advisories/40813

secunia.com/advisories/41025

secunia.com/advisories/42079

secunia.com/advisories/42368

secunia.com/advisories/42454

secunia.com/advisories/43310

secunia.com/advisories/44183

secunia.com/advisories/57126

securitytracker.com/id?1024180

support.apple.com/kb/HT5002

svn.apache.org/viewvc?view=revision&revision=958911

svn.apache.org/viewvc?view=revision&revision=958977

svn.apache.org/viewvc?view=revision&revision=959428

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.debian.org/security/2011/dsa-2207

www.mandriva.com/security/advisories?name=MDVSA-2010:176

www.mandriva.com/security/advisories?name=MDVSA-2010:177

www.novell.com/support/viewContent.do?externalId=7007274

www.novell.com/support/viewContent.do?externalId=7007275

www.redhat.com/support/errata/RHSA-2010-0580.html

www.redhat.com/support/errata/RHSA-2010-0581.html

www.redhat.com/support/errata/RHSA-2010-0582.html

www.redhat.com/support/errata/RHSA-2010-0583.html

www.securityfocus.com/archive/1/512272/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/41544

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/1986

www.vupen.com/english/advisories/2010/2868

www.vupen.com/english/advisories/2010/3056

exchange.xforce.ibmcloud.com/vulnerabilities/60264

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

4.4

Confidence

High

EPSS

0.594

Percentile

97.8%

JSON

Related for CVE-2010-2227