Description
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Certificate System 7.2 | Other | Affected | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Not affected | ||
| Red Hat Satellite 5.0 | Server | Affected | ||
| Red Hat Satellite 5.1 | Server | Affected | ||
| Red Hat Satellite 5.2 | Server | Affected | ||
| Red Hat Satellite 5.3 | Server | Affected | ||
| JBEAP 4.2.0 for RHEL 4 | jbossweb | Fixed | RHSA-2010:0584 | 02.08.2010 |
| JBEAP 4.2.0 for RHEL 5 | jbossweb | Fixed | RHSA-2010:0584 | 02.08.2010 |
| JBEWS 1.0 for RHEL 4 | tomcat5 | Fixed | RHSA-2010:0581 | 02.08.2010 |
| JBEWS 1.0 for RHEL 4 | tomcat6 | Fixed | RHSA-2010:0581 | 02.08.2010 |
Additional information
Status:
EPSS
CVSS2: 6.4 Medium
Related vulnerabilities
Apache Tomcat does not properly handle an invalid Transfer-Encoding header