CVE-2011-0534

Published: 10 February 2011

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Priority

Medium

Status

Package Release Status
tomcat6
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1066313