CVE-2011-0534

Apache Tomcat 6.0.0-6.0.30 and 7.0.0-7.0.6 - Denial of Service via NIO HTTP Connector

Title source: llm
STIX 2.1

Description

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

References (18)

Core 18
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8074
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025027
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45022
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70809
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516214/100/0/threaded
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0293
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57126
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46164
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43192
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2160
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5002
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2

Scores

EPSS 0.0789
EPSS Percentile 94.1%

Details

CWE
CWE-399
Status published
Products (35)
apache/tomcat 7.0.0
apache/tomcat 7.0.1
apache/tomcat 7.0.2
apache/tomcat 7.0.3
apache/tomcat 7.0.4
apache/tomcat 7.0.5
apache/tomcat 7.0.6
apache/tomcat 6.0.0
apache/tomcat 6.0.1
apache/tomcat 6.0.2
... and 25 more
Published Feb 10, 2011
Tracked Since Feb 18, 2026