A flaw in the handling of the 'Transfer-Encoding' header was found. A remote attacker could trigger this flaw, which would cause subsequent requests to fail or information to leak between requests. This flaw is mitigated if Tomcat is behind a proxy, as the proxy should reject the invalid transfer encoding header.
This was fixed in r958977: http://svn.apache.org/viewvc?view=revision&revision=958977
Upstream 6.0.28 corrects this flaw as noted: http://tomcat.apache.org/security-6.html
There is no upstream indication that this has been fixed in Tomcat5; however, the patches mostly apply (a few rejects) with fuzz.
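The comment above relies on a front-end proxy rejecting an invalid Transfer-Encoding header before it reaches Tomcat. The following is an added example of such a check, not code from Tomcat, Red Hat or the referenced patches; the accepted coding names, the header representation as (name, value) pairs and the specific rejection rules are my own assumptions, since the report does not say which malformed value triggered the flaw.

```python
import re

# Transfer codings a conservative front-end accepts (assumption: the IANA-registered
# set); any other value is treated as invalid and the request is refused.
KNOWN_CODINGS = {"chunked", "gzip", "deflate", "compress", "x-gzip", "x-compress"}
# RFC 7230 "token" characters; anything else (spaces, control bytes) is malformed.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def validate_transfer_encoding(headers):
    """Return (ok, reason). `headers` is a list of (name, value) pairs exactly as
    received, so repeated header lines stay visible to the check."""
    te_values = [v for n, v in headers if n.lower() == "transfer-encoding"]
    if not te_values:
        return True, "no Transfer-Encoding header"
    # Repeated header lines combine into one comma-separated list (RFC 7230 3.2.2).
    elements = [e.strip() for v in te_values for e in v.split(",")]
    if any(e == "" for e in elements):
        return False, "empty list element"
    codings = []
    for e in elements:
        name = e.split(";", 1)[0].strip().lower()  # ignore any parameters
        if not _TOKEN.match(name):
            return False, f"malformed coding token {e!r}"
        if name not in KNOWN_CODINGS:
            return False, f"unknown transfer coding {name!r}"
        codings.append(name)
    if codings.count("chunked") > 1:
        return False, "chunked applied more than once"
    if "chunked" in codings and codings[-1] != "chunked":
        return False, "chunked must be the final coding"
    # A message carrying both framing headers is ambiguous; refuse rather than guess.
    if any(n.lower() == "content-length" for n, _ in headers):
        return False, "Transfer-Encoding and Content-Length both present"
    return True, "valid"


# Constructed sample requests (not captured traffic): one well-formed, one with a
# duplicated header line that a strict front-end should drop.
GOOD = [("Host", "example.test"), ("Transfer-Encoding", "chunked")]
DUPLICATE = [("Transfer-Encoding", "chunked"), ("Transfer-Encoding", "chunked")]

if __name__ == "__main__":
    for label, hdrs in (("good", GOOD), ("duplicate", DUPLICATE)):
        print(label, validate_transfer_encoding(hdrs))
```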
Tomcat 5.5.30 is available to fix this flaw: http://tomcat.apache.org/security-5.html
And the svn revision (patches) to correct it: http://svn.apache.org/viewvc?view=revision&revision=959428
This flaw affects the version of the tomcat5 package, as shipped with Red Hat Enterprise Linux 5. This flaw affects the version of the tomcat5 package, as shipped with Red Hat Application Server v2. This flaw affects the versions of the tomcat5 and tomcat6 packages, as shipped with JBoss Enterprise Web Server 1.0.1 for Red Hat Enterprise Linux 4 and 5. This flaw affects the version of the tomcat5 package, as shipped with Red Hat Developer Suite 3.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0580 https://rhn.redhat.com/errata/RHSA-2010-0580.html
This issue has been addressed in the following products:
RHAPS Version 2 for RHEL 4
Via RHSA-2010:0582 https://rhn.redhat.com/errata/RHSA-2010-0582.html
This issue has been addressed in the following products:
Red Hat Developer Suite V.3
Via RHSA-2010:0583 https://rhn.redhat.com/errata/RHSA-2010-0583.html
This issue has been addressed in the following products:
JBEAP 4.2.0 for RHEL 4
JBEAP 4.3.0 for RHEL 4
JBEAP 4.2.0 for RHEL 5
JBEAP 4.3.0 for RHEL 5
Via RHSA-2010:0584 https://rhn.redhat.com/errata/RHSA-2010-0584.html
This issue has been addressed in the following products:
JBEWS 1.0 for RHEL 4
JBEWS 1.0 for RHEL 5
Via RHSA-2010:0581 https://rhn.redhat.com/errata/RHSA-2010-0581.html
Created tomcat6 tracking bugs for this issue
Affects: fedora-all [bug 632313]
Created tomcat5 tracking bugs for this issue
Affects: fedora-all [bug 632314]
This issue has been addressed in the following products:
Red Hat Certificate System 7.3
Via RHSA-2010:0693 https://rhn.redhat.com/errata/RHSA-2010-0693.html
This issue has been addressed in an asynchronous patch to JBoss Enterprise Application Platform 5.0.1, available here (login required): https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=3683&product=appplatform&version=5.0.1&downloadType=securityPatches
It is also fixed in all subsequent versions of JBoss Enterprise Application Platform 5.