CVE-2011-0534 — Apache Tomcat vulnerability

CWE-3998 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

16.3%

top 5.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedFeb 10

Latest updateMay 14

Description

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat34 versions+33

Patches

Patch: tomcat.apache.org ↗Patch: tomcat.apache.org ↗

🔴Vulnerability Details

GHSA

Apache Tomcat does not enforce the maxHttpHeaderSize limit↗2022-05-14

▶

OSV

Apache Tomcat does not enforce the maxHttpHeaderSize limit↗2022-05-14

▶

CVEList

CVE-2011-0534: Apache Tomcat 7↗2011-02-10

▶

📋Vendor Advisories

Ubuntu

Tomcat vulnerabilities↗2011-03-29

▶

Red Hat

tomcat: remote DoS via NIO connector↗2011-01-21

▶

💬Community

Bugzilla

CVE-2011-0013 CVE-2010-3718 CVE-2011-0534 tomcat6 various flaws [fedora-all]↗2011-02-07

▶

Bugzilla

CVE-2011-0534 tomcat: remote DoS via NIO connector↗2011-02-04

▶