CVE-2011-2526
Good to know:
Date: July 14, 2011
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Language: Java
Severity Score
Weakness Type (CWE)
Input Validation
CWE-20
Top Fix
Upgrade Version
Upgrade to version org.apache.tomcat:catalina:7.0.19, org.apache.tomcat:tomcat-coyote:7.0.19, org.apache.tomcat:tomcat-util:7.0.19, org.apache.tomcat:tomcat-catalina:7.0.19, org.apache.tomcat:coyote:6.0.33, org.apache.tomcat.embed:tomcat-embed-core:7.0.19
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | LOCAL |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |