RedHatRHSA-2010:0583(RHSA-2010:0583) Important: tomcat5 security update
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.463 Medium
EPSS
Percentile
97.1%
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)
Users of Tomcat should upgrade to these updated packages, which contain a
backported patch to resolve this issue. Tomcat must be restarted for this
update to take effect.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | noarch | tomcat5 | < 5.5.23-0jpp_21rh | tomcat5-5.5.23-0jpp_21rh.noarch.rpm |
| RedHat | any | noarch | tomcat5-common-lib | < 5.5.23-0jpp_21rh | tomcat5-common-lib-5.5.23-0jpp_21rh.noarch.rpm |
| RedHat | any | noarch | tomcat5-server-lib | < 5.5.23-0jpp_21rh | tomcat5-server-lib-5.5.23-0jpp_21rh.noarch.rpm |
| RedHat | any | noarch | tomcat5-jsp-2.0-api | < 5.5.23-0jpp_21rh | tomcat5-jsp-2.0-api-5.5.23-0jpp_21rh.noarch.rpm |
| RedHat | any | noarch | tomcat5-servlet-2.4-api | < 5.5.23-0jpp_21rh | tomcat5-servlet-2.4-api-5.5.23-0jpp_21rh.noarch.rpm |
| RedHat | any | noarch | tomcat5-jasper | < 5.5.23-0jpp_21rh | tomcat5-jasper-5.5.23-0jpp_21rh.noarch.rpm |
Related
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.463 Medium
EPSS
Percentile
97.1%