Apache Tomcat 7.0.x < 7.0.2 Denial of Service Vulnerability

Medium Log Correlation Engine Plugin ID 800611

Synopsis

The remote web server is vulnerable to a denial of service attack.

Description

Versions of Tomcat 7.0.x earlier than 7.0.2 are potentially affected by a denial of service vulnerability because several flaws in the handling of the 'Transfer-Encoding header could prevent the recycling of a buffer.

Solution

Upgrade to Apache Tomcat 7.0.2 or later.

See Also

tomcat.apache.org/security-7.html

Plugin Details

Severity: Medium

ID: 800611

File Name: 800611.prm

Family: Web Servers

Published: 2011/02/14

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2010/08/11

Vulnerability Publication Date: 2010/07/09

Reference Information

CVE: CVE-2010-2227

BID: 41544