CVE-2011-0534
Apache Tomcat 6.0.0-6.0.30 and 7.0.0-7.0.6 - Denial of Service via NIO HTTP Connector
Title source: llmDescription
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
References (18)
Core 18
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8074
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025027
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45022
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70809
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516214/100/0/threaded
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0293
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57126
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46164
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43192
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2160
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5002
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2
Vendor Advisory x_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
Patch, Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
Scores
EPSS
0.0789
EPSS Percentile
94.1%
Details
CWE
CWE-399
Status
published
Products (35)
apache/tomcat
7.0.0
apache/tomcat
7.0.1
apache/tomcat
7.0.2
apache/tomcat
7.0.3
apache/tomcat
7.0.4
apache/tomcat
7.0.5
apache/tomcat
7.0.6
apache/tomcat
6.0.0
apache/tomcat
6.0.1
apache/tomcat
6.0.2
... and 25 more
Published
Feb 10, 2011
Tracked Since
Feb 18, 2026