CVE-2010-2227

Name	CVE-2010-2227
Description	Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2207-1
Debian Bugs	588813

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
tomcat5.5	source	lenny	5.5.26-5lenny2	DSA-2207-1
tomcat5.5	source	(unstable)	(unfixed)
tomcat6	source	lenny	(not affected)
tomcat6	source	(unstable)	6.0.28-1		588813

Notes

[lenny] - tomcat6 <not-affected> (Only ships the servlet package)