Описание
Apache Tomcat does not enforce the maxHttpHeaderSize limit
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-0534
- https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
- https://support.apple.com/kb/HT5002
- https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022
- https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074
- https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192
- https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027
- https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164
- https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
- https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
- http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
- http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)
- http://www.debian.org/security/2011/dsa-2160
Пакеты
org.apache.tomcat:tomcat
>= 6.0.0, <= 6.0.30
6.0.32
org.apache.tomcat:tomcat
>= 7.0.0, <= 7.0.6
7.0.8
Связанные уязвимости
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ...
ELSA-2011-0335: tomcat6 security and bug fix update (IMPORTANT)