Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability Network Vulnerability

Summary

Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that will aid in further attacks. Attackers may also crash the JVM. The following versions are affected: Tomcat 5.5.0 through 5.5.33 Tomcat 6.0.0 through 6.0.32 Tomcat 7.0.0 through 7.0.18

Solution

Updates are available. Please see the references for more information.

References

http://support.avaya.com/css/P8/documents/100147767
http://tomcat.apache.org/
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.ibm.com/support/docview.wss?uid=swg21507512
http://www.securityfocus.com/bid/48667

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2526

CVSS	Base Score: 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Apache CouchDB Cross Site Request Forgery Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities