Home > Vulnerability Database > CVE-2011-0534

Mend.io Vulnerability Database

CVE-2011-0534

Good to know:

Date: February 10, 2011

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Language: Java

Severity Score

10.0

Related Resources (22)

Url: http://securityreason.com/securityalert/8074

Url: http://secunia.com/advisories/57126

Url: https://access.redhat.com/security/cve/CVE-2011-0534

Url: http://www.vupen.com/english/advisories/2011/0293

Url: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Url: http://secunia.com/advisories/43192

Url: http://support.apple.com/kb/HT5002

Url: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Url: http://marc.info/?l=bugtraq&m=139344343412337&w=2

Url: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

Url: http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29

Url: http://www.securityfocus.com/archive/1/516214/100/0/threaded

Url: http://secunia.com/advisories/45022

Url: http://osvdb.org/70809

Url: http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-0534

Url: http://www.debian.org/security/2011/dsa-2160

Url: http://www.securitytracker.com/id?1025027

Url: http://www.securityfocus.com/bid/46164

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/65162

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2011-0534

Url: https://www.mend.io/vulnerability-database/CVE-2011-0534

Severity Score

10.0

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3

Base Score:	10.0
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE

CVSS v2

Base Score:	9.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-0534

Good to know:

Date: February 10, 2011

Language: Java

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?