Flashes (Alerts)
Abstract
IBM WebSphere Application Server Community Edition v2.1.1.4 does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service or obtain sensitive information by way of a crafted header.
Content
The Tomcat web container in WebSphere Application Server Community Edition v2.1.1.4 contains a vulnerability that might expose the server to remote denial of service attacks and potentially disclose information about applications running on the server. This vulnerability does not exist in WebSphere Application Server. Details of this vulnerability can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227
This issue is fixed in Tomcat catalina library v6.0.28. The following JAR contains the patch for the Tomcat catalina library v6.0.26, which is used by WebSphere Application Server Community Edition v2.1.1.4. Replace the existing JAR in WebSphere Application Server Community Edition v2.1.1.4 installations with the fixed JAR.
- Stop the server if it is running and replace the JAR as specified below:
- Back up the existing JAR in the following directory of the WebSphere Application Server Community Edition v2.1.1.4 installation and replace it with the new fix JAR:
JAR file: catalina-6.0.26.0_W20100402.jar
Directory: <WASCE_HOME>\repository\org\apache\geronimo\ext\tomcat\catalina\6.0.26.0_W20100402
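One way to script the backup-and-replace steps above, as an added example that is not IBM's own tooling. It assumes the server is already stopped and the fix JAR has been downloaded locally, and it uses a hypothetical `jar-backups` directory under the WASCE home. Because the advisory lists the fix JAR under the same file name as the installed one, the script compares SHA-256 digests to tell a patched installation from an unpatched one.

```python
import hashlib
import shutil
import time
from pathlib import Path

# JAR name and repository location as given in the advisory.
JAR_NAME = "catalina-6.0.26.0_W20100402.jar"
JAR_DIR = Path("repository/org/apache/geronimo/ext/tomcat/catalina/6.0.26.0_W20100402")


def sha256(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def replace_catalina_jar(wasce_home, fix_jar):
    """Back up the installed catalina JAR, then replace it with the fix JAR.

    Assumes the server is already stopped. Returns a dict whose 'status'
    is 'already-patched' or 'replaced'.
    """
    target = Path(wasce_home) / JAR_DIR / JAR_NAME
    if not target.is_file():
        raise FileNotFoundError(f"installed JAR not found: {target}")
    fix_hash, old_hash = sha256(fix_jar), sha256(target)
    # Same file name before and after the fix, so only the content hash
    # shows whether this installation has already been patched.
    if old_hash == fix_hash:
        return {"status": "already-patched", "sha256": fix_hash, "backup": None}
    # Hypothetical backup location, kept outside the repository tree.
    backup_dir = Path(wasce_home) / "jar-backups"
    backup_dir.mkdir(exist_ok=True)
    backup = backup_dir / f"{JAR_NAME}.{time.strftime('%Y%m%d%H%M%S')}.bak"
    shutil.copy2(target, backup)
    if sha256(backup) != old_hash:
        raise OSError("backup verification failed; installed JAR left untouched")
    shutil.copy2(fix_jar, target)
    if sha256(target) != fix_hash:
        raise OSError(f"replacement verification failed; restore from {backup}")
    return {"status": "replaced", "sha256": fix_hash, "backup": str(backup)}
```

Recording the returned digest alongside the backup path gives a later audit something to compare against, since the file name alone cannot show which build is installed.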
Document Information
Modified date: 25 September 2022
UID: swg21448032