CVE-2011-2526

Priority
Description
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before
7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector,
does not validate certain request attributes, which allows local users to
bypass intended file access restrictions or cause a denial of service
(infinite loop or JVM crash) by leveraging an untrusted web application.
Assigned-to
mdeslaur
Package
Upstream: released (5.5.34)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1158244
Package
Upstream: released (6.0.33)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1146703
Updated: 2019-03-19 11:59:06 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)