PublicDateAtUSN: 2011-02-10
Candidate: CVE-2011-0534
PublicDate: 2011-02-10
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
http://tomcat.apache.org/security-6.html
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0076.html
http://www.ubuntu.com/usn/usn-1097-1
Description:
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce
the maxHttpHeaderSize limit for requests involving the NIO HTTP connector,
which allows remote attackers to cause a denial of service
(OutOfMemoryError) via a crafted request.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/717396
https://bugs.edge.launchpad.net/ubuntu/natty/+source/tomcat6/+bug/714239
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612257
https://issues.apache.org/bugzilla/show_bug.cgi?id=50631
Priority: medium
Discovered-by:
Assigned-to:
Patches_tomcat6:
upstream: http://svn.apache.org/viewvc?view=revision&revision=1066313
upstream_tomcat6: needs-triage
dapper_tomcat6: DNE
hardy_tomcat6: DNE
karmic_tomcat6: released (6.0.20-2ubuntu2.4)
lucid_tomcat6: released (6.0.24-2ubuntu1.7)
maverick_tomcat6: released (6.0.28-2ubuntu1.2)
devel_tomcat6: not-affected (6.0.28-10)