SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
Category:   Application (Web Server/CGI)  >   Apache Tomcat
Vendors:   Apache Software Foundation
Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1024180
SecurityTracker URL:  http://securitytracker.com/id/1024180
CVE Reference:   CVE-2010-2227
Date:  Jul 12 2010
Impact:   Denial of service via network, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.5.0 to 5.5.29, 6.0.0 to 6.0.27, 7.0.0
Description:   A vulnerability was reported in Tomcat. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information.

A remote user can send a request with a specially crafted 'Transfer-Encoding' header value to trigger a buffer recycling error and cause subsequent requests to fail or cause information from other requests to be leaked to the user.

Steve Jones reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain information from other requests.

Solution:   The vendor has issued a fix.

Tomcat 5.5.x users should upgrade to 5.5.30 or apply this patch:

http://svn.apache.org/viewvc?view=revision&revision=959428

Tomcat 6.0.x users should upgrade to 6.0.28 or apply this patch:

http://svn.apache.org/viewvc?view=revision&revision=958977

Tomcat 7.0.x users should upgrade to 7.0.1 when released or apply this patch:

http://svn.apache.org/viewvc?view=revision&revision=958911

The vendor's advisory is available at:

http://tomcat.apache.org/security-7.html

Vendor URL:  tomcat.apache.org/security-7.html
Cause:   Access control error, State error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 3 2010 (Red Hat Issues Fix) Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Developer Suite 3.
Sep 10 2010 (Red Hat Issues Fix for Certificate System) Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Certificate System 7.3.
Oct 15 2010 (Sun Issues Fix) Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
Sun has issued a fix for Solaris 9 and 10 and OpenSolaris.
Nov 24 2010 (HP Issues Fix for HP-UX) Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
HP has issued a fix for HP-UX 11.23 and 11.31.
Apr 14 2011 (RIM Issues Fix for BlackBerry Enterprise Server) Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
RIM has issued a fix for BlackBerry Enterprise Server.

Source Message Contents

Date:  Fri, 09 Jul 2010 17:31:00 +0100
Subject:  [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability

CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 5.5.0 to 5.5.29
Tomcat 6.0.0 to 6.0.27
Tomcat 7.0.0

Note: 7.0.0 is still beta.
Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be
affected.

Description:
Several flaws in the handling of the 'Transfer-Encoding' header were
found that prevented the recycling of a buffer. A remote attacker could
trigger this flaw which would cause subsequent requests to fail and/or
information to leak between requests.

Mitigation:
- Tomcat 5.5.x users should upgrade to 5.5.30 or apply this patch:
  http://svn.apache.org/viewvc?view=revision&revision=959428
- Tomcat 6.0.x users should upgrade to 6.0.28 or apply this patch:
  http://svn.apache.org/viewvc?view=revision&revision=958977
- Tomcat 7.0.x users should upgrade to 7.0.1 when released or apply this
  patch:
  http://svn.apache.org/viewvc?view=revision&revision=958911

- All users may mitigate this flaw by running Tomcat behind a reverse
  proxy (such as Apache httpd 2.2) that rejects invalid values for
  Transfer-Encoding.

Credit:
This issue was discovered by Steve Jones

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html

The Apache Tomcat Security Team
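The reverse-proxy mitigation in the advisory amounts to rejecting malformed or unknown Transfer-Encoding values before a request reaches Tomcat. The following is an added example, not code from the advisory or from Tomcat: a small Python filter that validates the header against RFC 2616 transfer-coding syntax (known codings only, chunked last) and screens a raw request head. The function names and the sample requests are constructed for illustration, and the code does not model Tomcat's internal buffer recycling.

```python
import re

# Transfer-codings registered by RFC 2616 section 3.6, the HTTP spec in force
# when CVE-2010-2227 was published. "chunked" must be the last coding if present.
KNOWN_CODINGS = {"chunked", "identity", "gzip", "compress", "deflate"}
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 2616 token chars

def parse_transfer_encoding(value):
    """Return the lower-cased transfer-codings in a header value, or None when
    the value is malformed (empty element, non-token name, bad parameter)."""
    codings = []
    for element in value.split(","):
        name, _, params = element.strip().partition(";")
        name = name.strip().lower()
        if not TOKEN.match(name):
            return None
        for param in filter(None, params.split(";")):   # token "=" value pairs
            key, eq, val = param.partition("=")
            if not eq or not TOKEN.match(key.strip()) or not val.strip():
                return None
        codings.append(name)
    return codings

def transfer_encoding_is_valid(value):
    """True only for a well-formed list of known codings with chunked last."""
    codings = parse_transfer_encoding(value)
    if codings is None or any(c not in KNOWN_CODINGS for c in codings):
        return False
    if "chunked" in codings:
        return codings.count("chunked") == 1 and codings[-1] == "chunked"
    return True

def screen_request(raw_request):
    """Decide whether a raw HTTP/1.1 request head may be forwarded to Tomcat.
    Returns (accepted, reason); repeated Transfer-Encoding lines are joined."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    te_values = [line.split(":", 1)[1].strip()
                 for line in head.split("\r\n")[1:]          # skip request line
                 if line.lower().startswith("transfer-encoding:")]
    if not te_values:
        return True, "no Transfer-Encoding header"
    combined = ",".join(te_values)
    if transfer_encoding_is_valid(combined):
        return True, "transfer-codings accepted: " + combined
    return False, "400 Bad Request: invalid Transfer-Encoding %r" % combined

# Constructed sample request heads (not taken from the advisory).
GOOD_REQUEST = "POST /app HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
BAD_REQUEST = "POST /app HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: bogus\r\n\r\n"
```

Running `screen_request` over both samples accepts the first and rejects the second with a 400 reason, which is the behaviour the advisory asks of the fronting proxy.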

Copyright 2014, SecurityGlobal.net LLC