CVE-2011-0534 - Resource Management Errors vulnerability in Apache Tomcat
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_11_2_TOMCAT6-110211.NASL
description: This tomcat6 update fixes :
  - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError)
  - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)
  - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 53807
published: 2011-05-05
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/53807
title: openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update tomcat6-3945.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(53807);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:41");

  script_cve_id("CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534");

  script_name(english:"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)");
  script_summary(english:"Check for the tomcat6-3945 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This tomcat6 update fixes :

  - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError)

  - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)

  - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=669897"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=669929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=669930"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-03/msg00000.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected tomcat6 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-6.0.20-24.33.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-admin-webapps-6.0.20-24.33.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-docs-webapp-6.0.20-24.33.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-javadoc-6.0.20-24.33.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-jsp-2_1-api-6.0.20-24.33.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-lib-6.0.20-24.33.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-servlet-2_5-api-6.0.20-24.33.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"tomcat6-webapps-6.0.20-24.33.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6");
}
```

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201206-24.NASL
description: The remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59677
published: 2012-06-25
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59677
title: GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-13457.NASL
description: Fixes for: CVE-2011-3190 - authentication bypass and information disclosure CVE-2011-2526 - send file validation CVE-2011-2204 - password disclosure vulnerability JAVA_HOME setting in tomcat6.conf CVE-2011-0534, CVE-2011-0013, CVE-2010-3718 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56573
published: 2011-10-21
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56573
title: Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_3_TOMCAT6-110211.NASL
description: This tomcat6 update fixes :
  - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError)
  - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)
  - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 75761
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75761
title: openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)

NASL family: Web Servers
NASL id: TOMCAT_7_0_8.NASL
description: According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.32 or 7.0.8. It is, therefore, affected by a denial of service vulnerability. An error, involving the NIO HTTP connector, exists such that the limit
last seen: 2020-03-18
modified: 2011-02-15
plugin id: 51987
published: 2011-02-15
reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/51987
title: Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector DoS

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1097-1.NASL
description: It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. (CVE-2010-3718) It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2011-0013) It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service. (CVE-2011-0534). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 53221
published: 2011-03-30
reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/53221
title: Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerabilities (USN-1097-1)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2011-0335.NASL
description: From Red Hat Security Advisory 2011:0335 : Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : * A bug in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68224
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68224
title: Oracle Linux 6 : tomcat6 (ELSA-2011-0335)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2011-0335.NASL
description: Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : * A bug in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 52606
published: 2011-03-10
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/52606
title: RHEL 6 : tomcat6 (RHSA-2011:0335)

NASL family: SuSE Local Security Checks
NASL id: SUSE9_12687.NASL
description:
  - Apache Tomcat Local bypass of security manager file permissions. (CVE-2010-3718)
  - Apache Tomcat Manager XSS vulnerability. (CVE-2011-0013)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 52711
published: 2011-03-18
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/52711
title: SuSE9 Security Update : Tomcat (YOU Patch Number 12687)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_SECUPD2011-006.NASL
description: The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components :
  - Apache
  - Application Firewall
  - ATS
  - BIND
  - Certificate Trust Policy
  - CFNetwork
  - CoreFoundation
  - CoreMedia
  - File Systems
  - IOGraphics
  - iChat Server
  - Mailman
  - MediaKit
  - PHP
  - postfix
  - python
  - QuickTime
  - Tomcat
  - User Documentation
  - Web Server
  - X11
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56481
published: 2011-10-13
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56481
title: Mac OS X Multiple Vulnerabilities (Security Update 2011-006)

NASL family: SuSE Local Security Checks
NASL id: SUSE_TOMCAT5-7337.NASL
description: This tomcat6 update fixes :
  - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError)
  - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 52525
published: 2011-03-03
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/52525
title: SuSE 10 Security Update : Tomcat (ZYPP Patch Number 7337)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20110309_TOMCAT6_ON_SL6_X.NASL
description: A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially crafted HTTP request. (CVE-2010-4476) A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote attacker could use this flaw to cause a denial of service (out-of-memory condition) via a specially crafted request containing a large NIO buffer size request value. (CVE-2011-0534) This update also fixes the following bug : - A bug in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60985
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60985
title: Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2160.NASL
description: Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine :
  - CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory.
  - CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting.
  - CVE-2011-0534 It was discovered that NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service.
  The oldstable distribution (lenny) is not affected by these issues.
last seen: 2020-03-17
modified: 2011-02-14
plugin id: 51959
published: 2011-02-14
reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/51959
title: Debian DSA-2160-1 : tomcat6 - several vulnerabilities
References
- http://osvdb.org/70809
- http://www.securityfocus.com/bid/46164
- http://www.securitytracker.com/id?1025027
- http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
- http://www.vupen.com/english/advisories/2011/0293
- http://www.debian.org/security/2011/dsa-2160
- http://secunia.com/advisories/43192
- http://securityreason.com/securityalert/8074
- http://support.apple.com/kb/HT5002
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://secunia.com/advisories/45022
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/57126
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
- http://www.securityfocus.com/archive/1/516214/100/0/threaded
- http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29