What is CVE-2010-2227?

CVE-2010-2227 is a vulnerability in Apache Tomcat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-07-13.

Is CVE-2010-2227 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Apache Tomcat

CVE-2010-2227

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive info…

Vulnerability class: Buffer Overflow

EPSS: 0.802 (99.1th percentile) — read the EPSS interpretation.

Affected products

Apache Tomcat — versions 5.5.26, 6.0.15, 5.5.23
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
20100709 [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (mailing-list, x_refsource_BUGTRAQ)
42079 (x_refsource_SECUNIA, third-party-advisory)
DSA-2207 (vendor-advisory, x_refsource_DEBIAN)
HPSBUX02860 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
MDVSA-2010:177 (vendor-advisory, x_refsource_MANDRIVA)
ADV-2010-3056 (vdb-entry, x_refsource_VUPEN)
43310 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2010:0581 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2010-2227?: CVE-2010-2227 is a vulnerability in Apache Tomcat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-07-13.
Is CVE-2010-2227 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.