ID CVE-2011-0534
Summary Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 7.0.0
    cpe:2.3:a:apache:tomcat:7.0.0
  • Apache Software Foundation Tomcat 7.0.1
    cpe:2.3:a:apache:tomcat:7.0.1
  • Apache Software Foundation Tomcat 7.0.2
    cpe:2.3:a:apache:tomcat:7.0.2
  • Apache Software Foundation Tomcat 7.0.3
    cpe:2.3:a:apache:tomcat:7.0.3
  • Apache Software Foundation Tomcat 7.0.4
    cpe:2.3:a:apache:tomcat:7.0.4
  • Apache Software Foundation Tomcat 7.0.5
    cpe:2.3:a:apache:tomcat:7.0.5
  • Apache Software Foundation Tomcat 7.0.6
    cpe:2.3:a:apache:tomcat:7.0.6
  • Apache Software Foundation Tomcat 6.0.0
    cpe:2.3:a:apache:tomcat:6.0.0
  • Apache Software Foundation Tomcat 6.0.1
    cpe:2.3:a:apache:tomcat:6.0.1
  • Apache Software Foundation Tomcat 6.0.2
    cpe:2.3:a:apache:tomcat:6.0.2
  • Apache Software Foundation Tomcat 6.0.3
    cpe:2.3:a:apache:tomcat:6.0.3
  • Apache Software Foundation Tomcat 6.0.4
    cpe:2.3:a:apache:tomcat:6.0.4
  • Apache Software Foundation Tomcat 6.0.5
    cpe:2.3:a:apache:tomcat:6.0.5
  • Apache Software Foundation Tomcat 6.0.6
    cpe:2.3:a:apache:tomcat:6.0.6
  • Apache Software Foundation Tomcat 6.0.7
    cpe:2.3:a:apache:tomcat:6.0.7
  • Apache Software Foundation Tomcat 6.0.8
    cpe:2.3:a:apache:tomcat:6.0.8
  • Apache Software Foundation Tomcat 6.0.9
    cpe:2.3:a:apache:tomcat:6.0.9
  • Apache Software Foundation Tomcat 6.0.10
    cpe:2.3:a:apache:tomcat:6.0.10
  • Apache Software Foundation Tomcat 6.0.11
    cpe:2.3:a:apache:tomcat:6.0.11
  • Apache Software Foundation Tomcat 6.0.12
    cpe:2.3:a:apache:tomcat:6.0.12
  • Apache Software Foundation Tomcat 6.0.13
    cpe:2.3:a:apache:tomcat:6.0.13
  • Apache Software Foundation Tomcat 6.0.14
    cpe:2.3:a:apache:tomcat:6.0.14
  • Apache Software Foundation Tomcat 6.0.15
    cpe:2.3:a:apache:tomcat:6.0.15
  • Apache Software Foundation Tomcat 6.0.16
    cpe:2.3:a:apache:tomcat:6.0.16
  • Apache Software Foundation Tomcat 6.0.17
    cpe:2.3:a:apache:tomcat:6.0.17
  • Apache Software Foundation Tomcat 6.0.18
    cpe:2.3:a:apache:tomcat:6.0.18
  • Apache Software Foundation Tomcat 6.0.19
    cpe:2.3:a:apache:tomcat:6.0.19
  • Apache Software Foundation Tomcat 6.0.20
    cpe:2.3:a:apache:tomcat:6.0.20
  • Apache Software Foundation Tomcat 6.0.24
    cpe:2.3:a:apache:tomcat:6.0.24
  • Apache Software Foundation Tomcat 6.0.26
    cpe:2.3:a:apache:tomcat:6.0.26
  • Apache Software Foundation Tomcat 6.0.27
    cpe:2.3:a:apache:tomcat:6.0.27
  • Apache Software Foundation Tomcat 6.0.28
    cpe:2.3:a:apache:tomcat:6.0.28
  • Apache Software Foundation Tomcat 6.0.29
    cpe:2.3:a:apache:tomcat:6.0.29
  • Apache Software Foundation Tomcat 6.0.30
    cpe:2.3:a:apache:tomcat:6.0.30
CVSS
Base: 5.0 (as of 10-02-2011 - 18:33)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12687.NASL
    description - Apache Tomcat Local bypass of security manager file permissions. (CVE-2010-3718) - Apache Tomcat Manager XSS vulnerability. (CVE-2011-0013)
    last seen 2017-10-29
    modified 2012-04-23
    plugin id 52711
    published 2011-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52711
    title SuSE9 Security Update : Tomcat (YOU Patch Number 12687)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_TOMCAT6-110211.NASL
    description This tomcat6 update fixes : - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError) - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79) - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
    last seen 2017-10-29
    modified 2014-06-13
    plugin id 75761
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75761
    title openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_TOMCAT6-110211.NASL
    description This tomcat6 update fixes : - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError) - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79) - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
    last seen 2017-10-29
    modified 2014-06-13
    plugin id 53807
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53807
    title openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110309_TOMCAT6_ON_SL6_X.NASL
    description A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : - A bug in the 'tomcat6' init script prevented additional Tomcat instances from starting. As well, running 'service tomcat6 start' caused configuration options applied from '/etc/sysconfig/tomcat6' to be overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update, multiple instances of Tomcat run as expected. (BZ#676922) Tomcat must be restarted for this update to take effect.
    last seen 2018-07-01
    modified 2018-06-29
    plugin id 60985
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60985
    title Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2011-006.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11
    last seen 2018-07-15
    modified 2018-07-14
    plugin id 56481
    published 2011-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56481
    title Mac OS X Multiple Vulnerabilities (Security Update 2011-006)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0335.NASL
    description From Red Hat Security Advisory 2011:0335 : Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : * A bug in the 'tomcat6' init script prevented additional Tomcat instances from starting. As well, running 'service tomcat6 start' caused configuration options applied from '/etc/sysconfig/tomcat6' to be overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update, multiple instances of Tomcat run as expected. (BZ#676922) Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 68224
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68224
    title Oracle Linux 6 : tomcat6 (ELSA-2011-0335)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0335.NASL
    description Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : * A bug in the 'tomcat6' init script prevented additional Tomcat instances from starting. As well, running 'service tomcat6 start' caused configuration options applied from '/etc/sysconfig/tomcat6' to be overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update, multiple instances of Tomcat run as expected. (BZ#676922) Users of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2018-07-30
    modified 2018-07-27
    plugin id 52606
    published 2011-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52606
    title RHEL 6 : tomcat6 (RHSA-2011:0335)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-13457.NASL
    description Fixes for: CVE-2011-3190 - authentication bypass and information disclosure CVE-2011-2526 - send file validation CVE-2011-2204 - password disclosure vulnerability JAVA_HOME setting in tomcat6.conf CVE-2011-0534, CVE-2011-0013, CVE-2010-3718 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-07-13
    modified 2018-07-12
    plugin id 56573
    published 2011-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56573
    title Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)
  • NASL family Web Servers
    NASL id TOMCAT_7_0_8.NASL
    description According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.32 or 7.0.8. It is, therefore, affected by a denial of service vulnerability. An error, involving the NIO HTTP connector, exists such that the limit 'maxHttpHeaderSize' is not enforced thereby allowing a denial of service condition when memory is exhausted. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 51987
    published 2011-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51987
    title Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector DoS
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1097-1.NASL
    description It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. (CVE-2010-3718) It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2011-0013) It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service. (CVE-2011-0534). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 53221
    published 2011-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53221
    title Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerabilities (USN-1097-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2160.NASL
    description Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine : - CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory. - CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting. - CVE-2011-0534 It was discovered that NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service. The oldstable distribution (lenny) is not affected by these issues.
    last seen 2018-07-10
    modified 2018-07-09
    plugin id 51959
    published 2011-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51959
    title Debian DSA-2160-1 : tomcat6 - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-24.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. Workaround : There is no known workaround at this time.
    last seen 2018-07-12
    modified 2018-07-11
    plugin id 59677
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59677
    title GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities
redhat via4
advisories
bugzilla
id 676922
title Additionally Created Instances of Tomcat are broken / don't work
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment tomcat6-docs-webapp is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335019
      • comment tomcat6-docs-webapp is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335020
    • AND
      • comment tomcat6-lib is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335017
      • comment tomcat6-lib is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335018
    • AND
      • comment tomcat6-webapps is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335013
      • comment tomcat6-webapps is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335014
    • AND
      • comment tomcat6-jsp-2.1-api is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335007
      • comment tomcat6-jsp-2.1-api is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335008
    • AND
      • comment tomcat6-javadoc is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335011
      • comment tomcat6-javadoc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335012
    • AND
      • comment tomcat6-el-2.1-api is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335023
      • comment tomcat6-el-2.1-api is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335024
    • AND
      • comment tomcat6-admin-webapps is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335021
      • comment tomcat6-admin-webapps is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335022
    • AND
      • comment tomcat6-servlet-2.5-api is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335009
      • comment tomcat6-servlet-2.5-api is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335010
    • AND
      • comment tomcat6-log4j is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335015
      • comment tomcat6-log4j is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335016
    • AND
      • comment tomcat6 is earlier than 0:6.0.24-24.el6_0
        oval oval:com.redhat.rhsa:tst:20110335005
      • comment tomcat6 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110335006
rhsa
id RHSA-2011:0335
released 2011-03-09
severity Important
title RHSA-2011:0335: tomcat6 security and bug fix update (Important)
rpms
  • tomcat6-docs-webapp-0:6.0.24-24.el6_0
  • tomcat6-lib-0:6.0.24-24.el6_0
  • tomcat6-webapps-0:6.0.24-24.el6_0
  • tomcat6-jsp-2.1-api-0:6.0.24-24.el6_0
  • tomcat6-javadoc-0:6.0.24-24.el6_0
  • tomcat6-el-2.1-api-0:6.0.24-24.el6_0
  • tomcat6-admin-webapps-0:6.0.24-24.el6_0
  • tomcat6-servlet-2.5-api-0:6.0.24-24.el6_0
  • tomcat6-log4j-0:6.0.24-24.el6_0
  • tomcat6-0:6.0.24-24.el6_0
refmap via4
apple APPLE-SA-2011-10-12-3
bid 46164
bugtraq 20110205 [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability
confirm
debian DSA-2160
hp HPSBST02955
osvdb 70809
sectrack 1025027
secunia
  • 43192
  • 45022
  • 57126
sreason 8074
suse SUSE-SR:2011:005
vupen ADV-2011-0293
xf tomcat-nio-connector-dos(65162)
Last major update 16-03-2014 - 00:11
Published 10-02-2011 - 13:00
Last modified 13-08-2018 - 17:47