(RIM Issues Fix for BlackBerry Enterprise Server) Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
SecurityTracker Alert ID: 1025357
SecurityTracker URL: http://securitytracker.com/id/1025357
CVE Reference: CVE-2010-2227
Date: Apr 14 2011
Impact:
Denial of service via network, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Description:
A vulnerability was reported in Tomcat. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information. BlackBerry Enterprise Server is affected.
A remote user can send a request with a specially crafted 'Transfer-Encoding' header value to trigger a buffer recycling error, causing subsequent requests to fail or leaking information from other requests to the user.
Steve Jones reported this vulnerability.
Impact:
A remote user can cause denial of service conditions.
A remote user can obtain information from other requests.
Solution:
RIM has issued a fix for BlackBerry Enterprise Server, which is affected by this vulnerability.
The RIM advisory is available at:
http://www.blackberry.com/btsc/KB25966
Cause:
Access control error, State error
Underlying OS:
Windows (2000), Windows (2003), Windows (2008)
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Thu, 14 Apr 2011 04:27:28 +0000
Subject: BlackBerry Enterprise Server
http://www.blackberry.com/btsc/KB25966
CVE-2007-3385
CVE-2007-5333
CVE-2008-1678
CVE-2008-5515
CVE-2007-1858
CVE-2009-3555
CVE-2010-2227