Apache Tomcat NIO Connector Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Apache Tomcat and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to trigger a denial-of-service condition in the affected software. Impact Level: Application

Solution

Upgrade Apache Tomcat version to 6.0.32, 7.0.8 or later, For updates refer to http://tomcat.apache.org

Insight

Tomcat did not enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger an DoS via an OutOfMemoryError.

Affected

Apache Tomcat version 6.0.x before 6.0.32 Apache Tomcat version 7.0.x before 7.0.8

Detection

Get the installed version of Apache Tomcat with the help of detect NVT and check the version is vulnerable or not.

References

http://cxsecurity.com/issue/WLB-2011020145
http://osvdb.org/70809
http://www.securitytracker.com/id?1025027
http://xforce.iss.net/xforce/xfdb/65162

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0534
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Struts Cross Site Scripting Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability

Apache Tomcat NIO Connector Denial of Service Vulnerability

Take action and discover your vulnerabilities