Description

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Remediation

References

CVE-2011-0534

Related Vulnerabilities

WordPress Plugin WP Support Plus Responsive Ticket System PHP Object Injection (9.0.3)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6106)

Drupal Core 6.x Security Bypass (6.0 - 6.35)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.9.1)

WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1)

Severity

Medium

Classification

CVE-2011-0534

Tags

Missing Update Known Vulnerabilities