CVE-2011-0534 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=6.0.0 <6.0.32 || >=7.0.0 <7.0.8
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.16975 (percentile 0.94718)
Details
Apache Tomcat does not enforce the maxHttpHeaderSize limit
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Metadata
Created: 2022-05-14T02:56:35Z
Modified: 2024-02-21T23:28:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-43v2-6grp-9pp9/GHSA-43v2-6grp-9pp9.json
CWE IDs: []
Alternative ID: GHSA-43v2-6grp-9pp9
Finding: F002
Auto approve: 1