<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2227" target="_blank">CVE</a>)</em> : Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with &quot;recycling of a buffer.&quot;

Currently, there are no known workarounds or upgrades to correct this issue. However, Apache.org has released a patch to address this vulnerability.

• Security Tracker: 1024180
• CVE ID: 2010-2227 (see also: NVD)
• Secunia Advisory ID: 40813 40846 40847 40848 41021 41025 41117 41364 41529 41875 42079 42368 42454 43310 43863 44166 44183 46417 47503 47507 49035 49702 50745 52816
• Bugtraq ID: 41544
• ISS X-Force ID: 60264
• Metasploit ID: 66319
• VUPEN Advisory: ADV-2010-1986
• Keyword: HPSBUX02579 SSRT100203
• Other Advisory URL: http://blogs.sun.com/security/entry/cve_2009_2902_cve_2009
  http://geronimo.apache.org/22x-security-report.html
  http://geronimo.apache.org/geronimo-21x-and-22x-cve-2010-2227-apache-tomcat-remote-denial-of-service-patch-instructions.html
  http://www.blackberry.com/btsc/KB25966
• Vendor Specific News/Changelog Entry: http://geronimo.apache.org/21x-security-report.html
  http://geronimo.apache.org/22x-security-report.html
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151
  http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
  http://security.gentoo.org/glsa/glsa-201206-24.xml
  http://svn.apache.org/viewvc?view=revision&revision=958911
  http://svn.apache.org/viewvc?view=revision&revision=958977
  http://svn.apache.org/viewvc?view=revision&revision=959428
  http://tomcat.apache.org/security-5.html
  http://tomcat.apache.org/security-6.html
  http://tomcat.apache.org/security-7.html
• Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02515878
  http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html
  http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html
  http://support.apple.com/kb/HT5002
  http://www.debian.org/security/2011/dsa-2207
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-05-584&viewMode=view
  http://www.novell.com/support/viewContent.do?externalId=7007274
  http://www.novell.com/support/viewContent.do?externalId=7007275
  http://www.ubuntu.com/usn/usn-976-1
  http://www.vmware.com/security/advisories/VMSA-2011-0003.html
  https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1
  https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03716627
  https://kb.bluecoat.com/index?page=content&id=SA66
• Mail List Post: http://lists.apple.com/archives/security-announce/2011/Oct//msg00003.html
• Packet Storm: http://packetstormsecurity.com/files/121037/HP-Security-Bulletin-HPSBUX02860-SSRT101146.html
• RedHat RHSA: http://rhn.redhat.com/errata/RHSA-2010-0693.html
  https://rhn.redhat.com/errata/RHSA-2010-0580.html
  https://rhn.redhat.com/errata/RHSA-2010-0581.html
  https://rhn.redhat.com/errata/RHSA-2010-0582.html
  https://rhn.redhat.com/errata/RHSA-2010-0584.html
  RHSA-2010:0580 RHSA-2010:0581 RHSA-2010:0582 RHSA-2010:0583

Unknown or Incomplete