PublicDateAtUSN: 2011-07-14
Candidate: CVE-2011-2526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
https://usn.ubuntu.com/usn/usn-1252-1
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before
7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector,
does not validate certain request attributes, which allows local users to
bypass intended file access restrictions or cause a denial of service
(infinite loop or JVM crash) by leveraging an untrusted web application.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634992
upstream: http://svn.apache.org/viewvc?view=revision&revision=1158244
upstream_tomcat5.5: released (5.5.34)
hardy_tomcat5.5: ignored (reached end-of-life)
maverick_tomcat5.5: DNE
oneiric_tomcat5.5: DNE
upstream: http://svn.apache.org/viewvc?view=revision&revision=1146703
upstream_tomcat6: released (6.0.33)
lucid_tomcat6: released (6.0.24-2ubuntu1.9)
maverick_tomcat6: released (6.0.28-2ubuntu1.5)
natty_tomcat6: released (6.0.28-10ubuntu2.2)
oneiric_tomcat6: released (6.0.32-5ubuntu1.1)
devel_tomcat6: released (6.0.32-6ubuntu1)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1146005
upstream: http://svn.apache.org/viewvc?view=revision&revision=1145694
upstream: http://svn.apache.org/viewvc?view=revision&revision=1145571
upstream: http://svn.apache.org/viewvc?view=revision&revision=1145489
upstream: http://svn.apache.org/viewvc?view=revision&revision=1145383
upstream_tomcat7: released (7.0.19)
oneiric_tomcat7: not-affected (7.0.21-1)
devel_tomcat7: not-affected (7.0.21-1)