

Apache Tomcat multiple security vulnerabilities
Published: 08.02.2011
Source:
SecurityVulns ID: 11406
Type: remote
Threat Level: 6/10
Description: Privilege escalation, DoS, cross-site scripting.
Affected: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE: CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.)
 CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Software Foundation Tomcat 7.0 before 7.0.6, 5.5 before 5.5.32, and 6.0 before 6.0.30 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.)
 CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.)
Original document: APACHE, [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability (08.02.2011)
 APACHE, [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability (08.02.2011)
 APACHE, [SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat (08.02.2011)
 APACHE, [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions (08.02.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod