Description

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Remediation

References

CVE-2011-0534

Related Vulnerabilities

Rukovoditel Cross-site Scripting (XSS) Vulnerability (CVE-2019-7541)

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-35030)

WordPress Plugin Redux Framework Cross-Site Request Forgery (4.1.23)

WordPress Plugin P3 (Plugin Performance Profiler) Cross-Site Scripting (1.5.3.8)

Drupal Incorrect Authorization Vulnerability (CVE-2017-6377)

Severity

Medium

Classification

CVE-2011-0534

Tags

Missing Update Known Vulnerabilities