Apache Tomcat 'Transfer-Encoding' Information Disclosure And Denial Of Service Vulnerabilities Network Vulnerability

Summary

Apache Tomcat is prone to multiple remote vulnerabilities including information-disclosure and denial-of-service issues. Remote attackers can exploit these issues to cause denial-of-service conditions or gain access to potentially sensitive information information obtained may lead to further attacks. The following versions are affected: Tomcat 5.5.0 to 5.5.29 Tomcat 6.0.0 to 6.0.27 Tomcat 7.0.0 Tomcat 3.x, 4.x, and 5.0.x may also be affected.

Solution

The vendor released updates. Please see the references for more information.

References

http://tomcat.apache.org/
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/archive/1/512272
https://www.securityfocus.com/bid/41544

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2227

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P

Related Vulnerabilities

Apache Tomcat Request Object Security Bypass Vulnerability (Win)
IBM WebSphere Application Server JNDI information disclosure Vulnerability
LiteSpeed Web Server Source Code Information Disclosure Vulnerability
IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
Kolibri Webserver 'HEAD' Request Processing Buffer Overflow Vulnerability

Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities

Take action and discover your vulnerabilities