CVE-2010-2227
Published 2010-07-13
Priority: P3 · 52 · medium · 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
EXPLOIT
EPSS: 54.78% (98.9th percentile)
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Affected
60 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP requests containing an invalid/malformed Transfer-Encoding header sent to Apache Tomcat; such requests can trigger buffer recycling issues leading to information disclosure or DoS.
- Exploitation risk is reduced when Tomcat is placed behind a reverse proxy, as the proxy should reject the invalid Transfer-Encoding header before it reaches Tomcat.
- Monitor for information leakage between requests (cross-request data bleed) on Apache Tomcat 5.5.0–5.5.29, 6.0.0–6.0.27, and 7.0.0 beta, which may indicate successful exploitation via buffer recycling interference.
- Affected versions are Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta. Fixed in Tomcat 5.5.30 and 6.0.28.
- Red Hat Enterprise Linux 6 ships tomcat6 which is listed as Not Affected for this CVE.
CVSS provenance
nvd · v2.0 · 6.4 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:P
vendor_redhat · 6.4 MEDIUM
VMware
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
vendor_vmware·2011-02-10·CVSS 5.0
VMSA-2011-0003 [MEDIUM]: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
CVEs: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085,
Ubuntu
Tomcat vulnerability
vendor_ubuntu·2010-08-25
It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding
headers. A remote attacker could send specially crafted requests containing
invalid headers to the server and cause a denial of service, or possibly
obtain sensitive information from other requests.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header
vendor_redhat·2010-07-08·CVSS 6.4
Package: tomcat6 (Red Hat Enterprise Linux 6) - Not affected
GHSA
Apache Tomcat does not properly handle an invalid Transfer-Encoding header
ghsa·2022-05-14
CVE-2010-2227 [MEDIUM] CWE-119
OSV
Apache Tomcat does not properly handle an invalid Transfer-Encoding header
osv·2022-05-14
CVE-2010-2227 [MEDIUM]
No detection rules found.
Exploit-DB
Bopup Communications Server - Remote Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2009-2227 Bopup Communications Server - Remote Buffer Overflow (Metasploit)
---
##
# $Id: bopup_comm.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Bopup Communications Server Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Bopup Communications Server 3.2.26.5460.
By sending a specially crafted packet, an attacker may be
able to execute arbitrary code.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2009-2227'
Metasploit
Apache Tomcat Transfer-Encoding Information Disclosure and DoS
metasploit
Bugzilla
CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header [fedora-all]
bugzilla·2010-09-09·CVSS 6.4
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=612799
Ple
Bugzilla
CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header
bugzilla·2010-07-09·CVSS 6.4
A flaw in the handling of the 'Transfer-Encoding' header was found. A
remote attacker could trigger this flaw which would cause subsequent
requests to fail or information to leak between requests. This flaw is
mitigated if Tomcat is behind a proxy as the proxy should reject the
invalid transfer encoding header.
This was fixed in r958977:
http://svn.apache.org/viewvc?view=revision&revision=958977
Upstream 6.0.28 corrects this flaw as noted:
http://tomcat.apache.org/security-6.html
There is no upstream indication that this has been fixed in Tomcat5, however the patches mostly apply (a few rejects) with fuzz.
Discussion:
Tomcat 5.5.30 is available to fix this flaw:
http://tomcat.apache.