Lucene search

PRIOn knowledge basePRION:CVE-2010-2227

HistoryJul 13, 2010 - 5:30 p.m.

Buffer overflow

2010-07-1317:30:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.61 Medium

EPSS

Percentile

97.7%

JSON

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with “recycling of a buffer.”

CPENameOperatorVersion
tomcateq5.5.27
tomcateq5.5.18
tomcateq5.5.12
tomcateq5.5.14
tomcateq5.5.10
tomcateq5.5.4
tomcateq5.5.7
tomcateq5.5.1
tomcateq5.5.11
tomcateq5.5.28

Name	Operator	Version
tomcat	eq	5.5.27
tomcat	eq	5.5.18
tomcat	eq	5.5.12
tomcat	eq	5.5.14
tomcat	eq	5.5.10
tomcat	eq	5.5.4
tomcat	eq	5.5.7
tomcat	eq	5.5.1
tomcat	eq	5.5.11
tomcat	eq	5.5.28

Rows per page:

1-10 of 551

References

geronimo.apache.org/21x-security-report.html

geronimo.apache.org/22x-security-report.html

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

secunia.com/advisories/40813

secunia.com/advisories/41025

secunia.com/advisories/42079

secunia.com/advisories/42368

secunia.com/advisories/42454

secunia.com/advisories/43310

secunia.com/advisories/44183

secunia.com/advisories/57126

securitytracker.com/id?1024180

support.apple.com/kb/HT5002

svn.apache.org/viewvc?view=revision&revision=958911

svn.apache.org/viewvc?view=revision&revision=958977

svn.apache.org/viewvc?view=revision&revision=959428

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.debian.org/security/2011/dsa-2207

www.mandriva.com/security/advisories?name=MDVSA-2010:176

www.mandriva.com/security/advisories?name=MDVSA-2010:177

www.novell.com/support/viewContent.do?externalId=7007274

www.novell.com/support/viewContent.do?externalId=7007275

www.redhat.com/support/errata/RHSA-2010-0580.html

www.redhat.com/support/errata/RHSA-2010-0581.html

www.redhat.com/support/errata/RHSA-2010-0582.html

www.redhat.com/support/errata/RHSA-2010-0583.html

www.securityfocus.com/archive/1/512272/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/41544

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/1986

www.vupen.com/english/advisories/2010/2868

www.vupen.com/english/advisories/2010/3056

exchange.xforce.ibmcloud.com/vulnerabilities/60264

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html

marc.info/?l=bugtraq&m=129070310906557&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.61 Medium

EPSS

Percentile

97.7%

JSON

Related for PRION:CVE-2010-2227