5

CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version7.0.0
ApacheTomcat Version7.0.1
ApacheTomcat Version7.0.2
ApacheTomcat Version7.0.3
ApacheTomcat Version7.0.4
ApacheTomcat Version7.0.5
ApacheTomcat Version7.0.6
ApacheTomcat Version6.0.0
ApacheTomcat Version6.0.1
ApacheTomcat Version6.0.2
ApacheTomcat Version6.0.3
ApacheTomcat Version6.0.4
ApacheTomcat Version6.0.5
ApacheTomcat Version6.0.6
ApacheTomcat Version6.0.7
ApacheTomcat Version6.0.8
ApacheTomcat Version6.0.9
ApacheTomcat Version6.0.10
ApacheTomcat Version6.0.11
ApacheTomcat Version6.0.12
ApacheTomcat Version6.0.13
ApacheTomcat Version6.0.14
ApacheTomcat Version6.0.15
ApacheTomcat Version6.0.16
ApacheTomcat Version6.0.17
ApacheTomcat Version6.0.18
ApacheTomcat Version6.0.19
ApacheTomcat Version6.0.20
ApacheTomcat Version6.0.24
ApacheTomcat Version6.0.26
ApacheTomcat Version6.0.27
ApacheTomcat Version6.0.28
ApacheTomcat Version6.0.29
ApacheTomcat Version6.0.30
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.89% 0.94
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://support.apple.com/kb/HT5002
http://secunia.com/advisories/45022
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43192
http://www.debian.org/security/2011/dsa-2160
http://osvdb.org/70809
http://securityreason.com/securityalert/8074
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
Patch
Vendor Advisory
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29
http://www.securityfocus.com/archive/1/516214/100/0/threaded
http://www.securityfocus.com/bid/46164
http://www.securitytracker.com/id?1025027
http://www.vupen.com/english/advisories/2011/0293
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65162