Skip to main content

CVE-2011-2526

Severity

5.5

Description

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

Project

Apache Tomcat

Category
n/a
Tags
data
functional
other
Date Disclosed

2011-07-14

Date Discovered

2011-06-15

Apache Tomcat 7.0.x

First release:
2011-01-14
First release:
2021-03-31
CVEs:
53
Support Lifecycle:
Namespace:
javax

Apache Tomcat 6.0.x

First release:
2007-02-28
First release:
2016-12-31
CVEs:
48
Support Lifecycle:
Namespace:
javax
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.