Description
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Remediation
References