Apache Tomcat 7.0.x < 7.0.2 Denial of Service Vulnerability

medium Log Correlation Engine Plugin ID 800611

Synopsis

The remote web server is vulnerable to a denial of service attack.

Description

Versions of Tomcat 7.0.x earlier than 7.0.2 are potentially affected by a denial of service vulnerability because several flaws in the handling of the 'Transfer-Encoding header could prevent the recycling of a buffer.

Solution

Upgrade to Apache Tomcat 7.0.2 or later.

See Also

tomcat.apache.org/security-7.html

Plugin Details

Severity: Medium

ID: 800611

Family: Web Servers

Published: 2/14/2011

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Information

Patch Publication Date: 8/11/2010

Vulnerability Publication Date: 7/9/2010

Reference Information

CVE: CVE-2010-2227

BID: 41544