CVE-2010-2227: Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

Severity: 6.4 MEDIUM (NVD)
EPSS: 80.2% (top 0.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Jul 13 (2010-07-13 per the CVEList entry); Latest update May 14 (2022-05-14 per the GHSA/OSV entries)

Description

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
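As a practitioner check for the version ranges the description lists, here is an added example (not code from the Apache Tomcat project or from cvebase) that classifies a Tomcat version string as inside or outside the affected ranges 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta. The banner-parsing helper and the sample banner strings are constructed for illustration; the regular expressions are an assumption about how Tomcat prints its version, not a project API.

```python
"""Classify an Apache Tomcat version against the ranges CVE-2010-2227 lists
as affected. Added example for this page; not code from the Tomcat project."""
import re
from typing import Optional, Tuple

# Inclusive ranges taken from the CVE description above.
AFFECTED_RANGES = [
    ((5, 5, 0), (5, 5, 29)),
    ((6, 0, 0), (6, 0, 27)),
]

# Assumed shape of a Tomcat version string: x.y.z with an optional tag such
# as "-beta" or " beta" (hypothetical pattern, constructed for this example).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.\s]?([A-Za-z][A-Za-z0-9]*))?$")


def parse_version(s: str) -> Tuple[Tuple[int, int, int], Optional[str]]:
    """Return ((major, minor, patch), tag) for strings like '6.0.20' or '7.0.0-beta'."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {s!r}")
    nums = tuple(int(m.group(i)) for i in (1, 2, 3))
    tag = m.group(4).lower() if m.group(4) else None
    return nums, tag  # type: ignore[return-value]


def is_affected(s: str) -> bool:
    """True if the version falls inside a range the CVE description lists."""
    nums, tag = parse_version(s)
    # The description names only the 7.0.0 beta, so a 7.0.0 without a beta
    # tag, or any later 7.0.x, is treated as not affected.
    if nums == (7, 0, 0):
        return tag is not None and tag.startswith("beta")
    return any(lo <= nums <= hi for lo, hi in AFFECTED_RANGES)


def extract_version_from_banner(banner: str) -> Optional[str]:
    """Pull the version out of a banner such as 'Apache Tomcat/6.0.20'.

    Constructed helper: the banner format is an assumption about what a
    Server header or default error page might contain, not a Tomcat API.
    """
    m = re.search(r"Tomcat/?\s*(\d+\.\d+\.\d+(?:[-.\s]?beta\w*)?)", banner, re.I)
    return m.group(1) if m else None


def classify_banner(banner: str) -> Optional[bool]:
    """None if no version could be found, else whether it is affected."""
    version = extract_version_from_banner(banner)
    return None if version is None else is_affected(version)


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    for sample in ("Apache Tomcat/5.5.29", "Apache Tomcat/6.0.28", "Apache Tomcat/7.0.0-beta", "nginx"):
        print(f"{sample!r}: affected={classify_banner(sample)}")
```

The boundary cases (5.5.29 affected, 5.5.30 not; 6.0.27 affected, 6.0.28 not; 7.0.0 beta affected, 7.0.0 release and later not) follow directly from the description's wording, so the check reflects only what the advisory states.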

CVSS v2 vector

AV:N/AC:L/C:P/I:N/A:P (Exploitability: 10.0 | Impact: 4.9)

Affected Packages (1 package)

NVD: apache/tomcat (55 versions)

Patches

(none listed on this page)

🔴 Vulnerability Details (3)

GHSA: Apache Tomcat does not properly handle an invalid Transfer-Encoding header (2022-05-14)
OSV: Apache Tomcat does not properly handle an invalid Transfer-Encoding header (2022-05-14)
CVEList: CVE-2010-2227: Apache Tomcat 5 (2010-07-13)

💥 Exploits & PoCs (1)

Exploit-DB: Bopup Communications Server - Remote Buffer Overflow (Metasploit) (2010-05-09). Caveat: this entry concerns Bopup Communications Server, not Apache Tomcat, and it predates the CVE's publication; it should be read as a mis-association rather than a public exploit for CVE-2010-2227, which is consistent with the "No known exploits" status above.

📋 Vendor Advisories (2)

Ubuntu: Tomcat vulnerability (2010-08-25)
Red Hat: tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header (2010-07-08)

💬 Community (3)

Bugzilla: CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header [fedora-all] (2010-09-09)
Bugzilla: CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header [fedora-all] (2010-09-09)
Bugzilla: CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header (2010-07-09)
CVE-2010-2227 — Apache Tomcat vulnerability | cvebase