Computer Security
[EN] securityvulns.ru no-pyccku


Apache Tomcat DoS and information leak
Published:13.07.2010
Source:
SecurityVulns ID:10986
Type:remote
Threat Level:
5/10
Description:Several flaws in the handling of the 'Transfer-Encoding' header.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE:CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer.")
Original documentdocumentAPACHE, [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (13.07.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod