Apache.Tomcat.TransferEncoding.Header.DoS

Release Date

Apr 14, 2011

Severity

medium

Impact

Description

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Affected Products

Recommended Actions

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2010-2227

Reference/s

http://www.securityfocus.com/bid/41544 (BugTraq)
http://secunia.com/advisories/41647/

Reference: VID-23851