Home > Vulnerability Database > CVE-2011-0534

Mend.io Vulnerability Database

CVE-2011-0534

Good to know:

Date: February 10, 2011

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Language: Java

Severity Score

5.3

Related Resources (32)

Url: http://securityreason.com/securityalert/8074

Url: http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)

Url: https://access.redhat.com/security/cve/CVE-2011-0534

Url: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Url: http://secunia.com/advisories/43192

Url: https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8

Url: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Url: http://marc.info/?l=bugtraq&m=139344343412337&w=2

Url: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

Url: https://github.com/apache/tomcat

Url: http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29

Url: https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126

Url: http://www.securityfocus.com/archive/1/516214/100/0/threaded

Url: http://secunia.com/advisories/45022

Url: http://osvdb.org/70809

Url: https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164

Url: http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32

Url: https://support.apple.com/kb/HT5002

Url: http://www.securityfocus.com/bid/46164

Url: http://www.securitytracker.com/id?1025027

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/65162

Url: http://secunia.com/advisories/57126

Url: http://www.vupen.com/english/advisories/2011/0293

Url: https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded

Url: https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022

Url: http://support.apple.com/kb/HT5002

Url: https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027

Url: https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0534

Url: http://www.debian.org/security/2011/dsa-2160

Url: https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074

Url: https://www.mend.io/vulnerability-database/CVE-2011-0534

Severity Score

5.3

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-0534

Good to know:

Date: February 10, 2011

Language: Java

Severity Score

Related Resources (32)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?