23779 2010-07-16 19:04:25 +0400 CVE-2010-2227: Remote Denial Of Service and Information Disclosure Vulnerability 2010-10-18 05:02:33 +0400 1 1 4 Development Sisyphus tomcat6 unstable all Linux CLOSED FIXED http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 security P3 major --- 1 php-coder nobody qa-sisyphus oldest_to_newest 110672 0 php-coder 2010-07-16 19:04:25 +0400 Several flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header. Одним словом предлагаю обновить Tomcat до 6.0.28, который также зафиксит #23500 113895 1 repository-robot 2010-10-18 05:02:33 +0400 tomcat6-0:6.0.26-alt2_11jpp6 -> sisyphus: * Mon Oct 18 2010 Igor Vlasenko <viy@altlinux> 0:6.0.26-alt2_11jpp6 - CVE-2010-2227 fix (closes: 23779)