Apache Tomcat 7.0.x < 7.0.2 Denial of Service Vulnerability

Medium Log Correlation Engine Plugin ID 800611


The remote web server is vulnerable to a denial of service attack.


Versions of Tomcat 7.0.x earlier than 7.0.2 are potentially affected by a denial of service vulnerability because several flaws in the handling of the 'Transfer-Encoding header could prevent the recycling of a buffer.


Upgrade to Apache Tomcat 7.0.2 or later.

See Also


Plugin Details

Severity: Medium

ID: 800611

Family: Web Servers

Published: 2011/02/14

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2010/08/11

Vulnerability Publication Date: 2010/07/09

Reference Information

CVE: CVE-2010-2227

BID: 41544