fkie_cve-2010-2227
Vulnerability from fkie_nvd
Published
2010-07-13 17:30
Modified
2025-04-11 00:51
Severity ?
Summary
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
References
secalert@redhat.comhttp://geronimo.apache.org/21x-security-report.html
secalert@redhat.comhttp://geronimo.apache.org/22x-security-report.html
secalert@redhat.comhttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=129070310906557&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136485229118404&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=139344343412337&w=2
secalert@redhat.comhttp://secunia.com/advisories/40813
secalert@redhat.comhttp://secunia.com/advisories/41025
secalert@redhat.comhttp://secunia.com/advisories/42079
secalert@redhat.comhttp://secunia.com/advisories/42368
secalert@redhat.comhttp://secunia.com/advisories/42454
secalert@redhat.comhttp://secunia.com/advisories/43310
secalert@redhat.comhttp://secunia.com/advisories/44183
secalert@redhat.comhttp://secunia.com/advisories/57126
secalert@redhat.comhttp://securitytracker.com/id?1024180
secalert@redhat.comhttp://support.apple.com/kb/HT5002
secalert@redhat.comhttp://svn.apache.org/viewvc?view=revision&revision=958911Patch
secalert@redhat.comhttp://svn.apache.org/viewvc?view=revision&revision=958977Patch
secalert@redhat.comhttp://svn.apache.org/viewvc?view=revision&revision=959428Patch
secalert@redhat.comhttp://tomcat.apache.org/security-5.htmlVendor Advisory
secalert@redhat.comhttp://tomcat.apache.org/security-6.htmlVendor Advisory
secalert@redhat.comhttp://tomcat.apache.org/security-7.htmlVendor Advisory
secalert@redhat.comhttp://www.debian.org/security/2011/dsa-2207
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:176
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:177
secalert@redhat.comhttp://www.novell.com/support/viewContent.do?externalId=7007274
secalert@redhat.comhttp://www.novell.com/support/viewContent.do?externalId=7007275
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0580.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0581.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0582.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0583.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/512272/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/516397/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/41544
secalert@redhat.comhttp://www.vmware.com/security/advisories/VMSA-2011-0003.html
secalert@redhat.comhttp://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1986
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/2868
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/3056
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/60264
secalert@redhat.comhttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532
af854a3a-2127-422b-91ae-364da2661108http://geronimo.apache.org/21x-security-report.html
af854a3a-2127-422b-91ae-364da2661108http://geronimo.apache.org/22x-security-report.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=129070310906557&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=136485229118404&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=139344343412337&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40813
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41025
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42079
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42368
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42454
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43310
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44183
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57126
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1024180
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5002
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc?view=revision&revision=958911Patch
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc?view=revision&revision=958977Patch
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc?view=revision&revision=959428Patch
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-5.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-6.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-7.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2207
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/support/viewContent.do?externalId=7007274
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/support/viewContent.do?externalId=7007275
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0580.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0581.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0582.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0583.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/512272/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/41544
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1986
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2868
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3056
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/60264
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532
Impacted products
Vendor Product Version
apache tomcat 5.5.0
apache tomcat 5.5.1
apache tomcat 5.5.2
apache tomcat 5.5.3
apache tomcat 5.5.4
apache tomcat 5.5.5
apache tomcat 5.5.6
apache tomcat 5.5.7
apache tomcat 5.5.8
apache tomcat 5.5.9
apache tomcat 5.5.10
apache tomcat 5.5.11
apache tomcat 5.5.12
apache tomcat 5.5.13
apache tomcat 5.5.14
apache tomcat 5.5.15
apache tomcat 5.5.16
apache tomcat 5.5.17
apache tomcat 5.5.18
apache tomcat 5.5.19
apache tomcat 5.5.20
apache tomcat 5.5.21
apache tomcat 5.5.22
apache tomcat 5.5.23
apache tomcat 5.5.24
apache tomcat 5.5.25
apache tomcat 5.5.26
apache tomcat 5.5.27
apache tomcat 5.5.28
apache tomcat 5.5.29
apache tomcat 6.0.0
apache tomcat 6.0.1
apache tomcat 6.0.2
apache tomcat 6.0.3
apache tomcat 6.0.4
apache tomcat 6.0.5
apache tomcat 6.0.6
apache tomcat 6.0.7
apache tomcat 6.0.8
apache tomcat 6.0.9
apache tomcat 6.0.10
apache tomcat 6.0.11
apache tomcat 6.0.12
apache tomcat 6.0.13
apache tomcat 6.0.14
apache tomcat 6.0.15
apache tomcat 6.0.16
apache tomcat 6.0.17
apache tomcat 6.0.18
apache tomcat 6.0.19
apache tomcat 6.0.20
apache tomcat 6.0.24
apache tomcat 6.0.26
apache tomcat 6.0.27
apache tomcat 7.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34672E90-C220-436B-9143-480941227933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67477AB-85F6-421C-9C0B-C8EFB1B200CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D70CFD9-B55D-4A29-B94C-D33F3E881A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1195878-CCC9-49BC-9AC7-1F88F0DFAB82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "375C26A9-623E-483A-BC11-468D9DE278C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8461DF95-18DC-4BF5-A703-7F19DA88DC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2823789C-2CB6-4300-94DB-BDBE83ABA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "A61429EE-4331-430C-9830-58DCCBCBCB58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "33E9607B-4D28-460D-896B-E4B7FA22441E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\""
    },
    {
      "lang": "es",
      "value": "Apache Tomcat v5.5.0 hasta v5.5.29, v6.0.0 hasta v6.0.27 y v7.0.0 beta, no maneja apropiadamente una cabecera Transer-Encoding inv\u00e1lida, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (indisponibilidad de la aplicaci\u00f3n) u obtener informaci\u00f3n sensible a trav\u00e9s de una cabecera manipulada que interfiera con el \"reciclado del b\u00faffer\" (\"recycling of a buffer\")."
    }
  ],
  "id": "CVE-2010-2227",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-07-13T17:30:03.750",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://geronimo.apache.org/21x-security-report.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://geronimo.apache.org/22x-security-report.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/40813"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/41025"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42079"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42368"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42454"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43310"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44183"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1024180"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5002"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958911"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958977"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=959428"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2207"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7007274"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7007275"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0581.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0583.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/512272/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/41544"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1986"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2868"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/3056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60264"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://geronimo.apache.org/21x-security-report.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://geronimo.apache.org/22x-security-report.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/41025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=958977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=959428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-7.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7007274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7007275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0581.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0583.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/512272/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/41544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.