Computer Security

Apache Tomcat DoS and information leak
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Apache Tomcat DoS and information leak
Published:13.07.2010
Source:BUGTRAQ
SecurityVulns ID:10986
Type:remote
Level:5/10
Description:Several flaws in the handling of the 'Transfer-Encoding' header.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE:CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer.")
Original documentdocumentAPACHE, [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (13.07.2010)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru