Bug 23779

Summary: CVE-2010-2227: Remote Denial Of Service and Information Disclosure Vulnerability
Product: Sisyphus
Reporter: Slava Semushin <php-coder>
Component: tomcat6
Assignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: major
Priority: P3
Keywords: security
Version: unstable
Hardware: all
OS: Linux
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227

Description Slava Semushin 2010-07-16 19:04:25 MSD
Several flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header.

In short, I propose updating Tomcat to 6.0.28, which will also fix #23500
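The description above says the mitigation is a reverse proxy that rejects an invalid Transfer-Encoding header before it reaches Tomcat. The following is an added illustration of what such a front-end check looks like; it is not code from Tomcat, from the 6.0.28 fix, or from Apache httpd. It assumes the request-side rules of RFC 7230 (field values are a comma-separated list of tokens, "chunked" must be the final coding in a request, and it must not be applied twice) and a constructed set of recognised codings (KNOWN_CODINGS); the sample header values at the bottom are constructed for the demonstration.

```python
import re

# RFC 7230 "token" characters (tchar); a transfer-coding name must be one token.
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Assumed set of codings this front end is willing to forward (constructed for the example).
KNOWN_CODINGS = {"chunked", "gzip", "x-gzip", "deflate", "compress", "x-compress"}


def parse_transfer_encoding(header_values):
    """Parse one or more Transfer-Encoding field values into an ordered list of
    lowercase coding names. A repeated header is treated as list concatenation,
    as RFC 7230 allows for list-valued fields. Raises ValueError on a malformed token."""
    codings = []
    for value in header_values:
        for element in value.split(","):
            element = element.strip()
            if not element:
                continue  # the list ABNF tolerates empty elements ("chunked,,")
            # Drop any transfer-parameters ("gzip;q=1") before validating the name.
            name = element.split(";", 1)[0].strip()
            if not TOKEN_RE.match(name):
                raise ValueError(f"malformed transfer-coding token: {element!r}")
            codings.append(name.lower())
    return codings


def check_transfer_encoding(header_values):
    """Decide whether a request's Transfer-Encoding is acceptable to forward.
    Returns (ok, reason); ok=False means the proxy should answer the client itself
    (400 Bad Request or 501 Not Implemented) instead of passing the request on."""
    try:
        codings = parse_transfer_encoding(header_values)
    except ValueError as exc:
        return False, str(exc)
    if not codings:
        return True, "no transfer-coding"
    unknown = [c for c in codings if c not in KNOWN_CODINGS]
    if unknown:
        return False, f"unsupported transfer-coding: {unknown[0]}"
    if codings.count("chunked") > 1:
        return False, "chunked applied more than once"
    if codings[-1] != "chunked":
        # RFC 7230 3.3.3: without chunked as the final coding the body length
        # of a request cannot be determined; the server MUST reply 400 and close.
        return False, "chunked must be the final transfer-coding"
    return True, "ok"


# Constructed sample header values (one list per request), not captured traffic.
SAMPLE_REQUESTS = {
    "plain chunked": ["chunked"],
    "gzip then chunked": ["gzip, chunked"],
    "parameters on coding": ["gzip;q=1, chunked"],
    "chunked not last": ["chunked, gzip"],
    "chunked twice": ["chunked", "chunked"],
    "unknown coding": ["bogus, chunked"],
    "malformed token": ["foo bar"],
}


def classify_samples(samples=SAMPLE_REQUESTS):
    """Run the check over every sample; returns {name: (ok, reason)}."""
    return {name: check_transfer_encoding(values) for name, values in samples.items()}


if __name__ == "__main__":
    for name, (ok, reason) in classify_samples().items():
        print(f"{'FORWARD' if ok else 'REJECT ':7} {name:22} {reason}")
```

Only the two well-formed lists (and the one with transfer-parameters) are forwarded; everything else is answered at the proxy, which is the behaviour the advisory text relies on when it says a proxy "should reject the invalid transfer encoding header".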
Comment 1 Repository Robot 2010-10-18 05:02:33 MSD
tomcat6-0:6.0.26-alt2_11jpp6 -> sisyphus:

* Mon Oct 18 2010 Igor Vlasenko <viy@altlinux> 0:6.0.26-alt2_11jpp6
- CVE-2010-2227 fix (closes: 23779)