CVE-2010-2227

Apache Tomcat < 7.0.2 - Memory Corruption

Title source: rule

Description

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Exploits (1)

metasploit WORKING POC
by Steve Jones · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb

Scores

EPSS 0.8017
EPSS Percentile 99.1%

Details

CWE
CWE-119
Status published
Products (50)
apache/tomcat 5.5.0
apache/tomcat 5.5.1
apache/tomcat 5.5.2
apache/tomcat 5.5.3
apache/tomcat 5.5.4
apache/tomcat 5.5.5
apache/tomcat 5.5.6
apache/tomcat 5.5.7
apache/tomcat 5.5.8
apache/tomcat 5.5.9
... and 40 more
Published Jul 13, 2010
Tracked Since Feb 18, 2026