Vulnerability CVE-2010-2227: Information

Description

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Severity: MEDIUM (6.4)

Published: July 13, 2010
Modified: November 7, 2023
Weakness type identifier: CWE-119

References to advisories, solutions, and tools

Link
Resource
http://tomcat.apache.org/security-7.html
  • Vendor Advisory
http://tomcat.apache.org/security-5.html
  • Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=959428
  • Patch
http://svn.apache.org/viewvc?view=revision&revision=958977
  • Patch
1024180
http://tomcat.apache.org/security-6.html
  • Vendor Advisory
41544
http://svn.apache.org/viewvc?view=revision&revision=958911
  • Patch
RHSA-2010:0583
RHSA-2010:0580
40813
RHSA-2010:0581
ADV-2010-1986
RHSA-2010:0582
http://geronimo.apache.org/22x-security-report.html
http://geronimo.apache.org/21x-security-report.html
41025
MDVSA-2010:176
MDVSA-2010:177
SUSE-SR:2010:017
ADV-2010-2868
FEDORA-2010-16248
FEDORA-2010-16270
42079
HPSBUX02579
ADV-2010-3056
42368
http://www.novell.com/support/viewContent.do?externalId=7007275
http://www.novell.com/support/viewContent.do?externalId=7007274
42454
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
43310
44183
DSA-2207
APPLE-SA-2011-10-12-3
http://support.apple.com/kb/HT5002
HPSBUX02860
HPSBST02955
57126
tomcat-transferencoding-dos(60264)
oval:org.mitre.oval:def:18532
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
Configuration 1

cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*