CVE-2010-2227
Apache Tomcat does not properly handle an invalid Transfer-Encoding header
EPSS 80.2%
Description
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
How to fix CVE-2010-2227
To remediate CVE-2010-2227, upgrade the affected package to a fixed version below.
- Maven/org.apache.tomcat:tomcat—upgrade to 7.0.2 or later
Is CVE-2010-2227 being exploited?
Likely — EPSS is 80.2%, placing CVE-2010-2227 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Maven/org.apache.tomcat:tomcat: >= 7.0.0, < 7.0.2