Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67742
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0583
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0583.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)

Users of Tomcat should upgrade to these updated packages, which contain a
backported patch to resolve this issue. Tomcat must be restarted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0583.html
http://www.redhat.com/security/updates/classification/#important
http://tomcat.apache.org/security-5.html

Risk factor : High

CVSS Score:
6.4

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2227
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 41544
http://www.securityfocus.com/bid/41544
Bugtraq: 20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512272/100/0/threaded
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Debian Security Information: DSA-2207 (Google Search)
http://www.debian.org/security/2011/dsa-2207
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02579
http://marc.info/?l=bugtraq&m=129070310906557&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100203
HPdes Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.mandriva.com/security/advisories?name=MDVSA-2010:177
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18532
http://www.redhat.com/support/errata/RHSA-2010-0580.html
http://www.redhat.com/support/errata/RHSA-2010-0581.html
http://www.redhat.com/support/errata/RHSA-2010-0582.html
http://www.redhat.com/support/errata/RHSA-2010-0583.html
http://securitytracker.com/id?1024180
http://secunia.com/advisories/40813
http://secunia.com/advisories/41025
http://secunia.com/advisories/42079
http://secunia.com/advisories/42368
http://secunia.com/advisories/42454
http://secunia.com/advisories/43310
http://secunia.com/advisories/44183
http://secunia.com/advisories/57126
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.vupen.com/english/advisories/2010/1986
http://www.vupen.com/english/advisories/2010/2868
http://www.vupen.com/english/advisories/2010/3056
XForce ISS Database: tomcat-transferencoding-dos(60264)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60264
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.