Lucene search

[email protected]CVE-2011-2526

HistoryJul 14, 2011 - 11:55 p.m.

CVE-2011-2526

2011-07-1423:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-2526

apache tomcat

file access restrictions

denial of service

security vulnerability

5.3 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.7%

JSON

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

CPENameOperatorVersion
apache:tomcatapache tomcateq5.5.27
apache:tomcatapache tomcateq5.5.18
apache:tomcatapache tomcateq5.5.12
apache:tomcatapache tomcateq5.5.14
apache:tomcatapache tomcateq5.5.10
apache:tomcatapache tomcateq5.5.4
apache:tomcatapache tomcateq5.5.7
apache:tomcatapache tomcateq5.5.1
apache:tomcatapache tomcateq5.5.11
apache:tomcatapache tomcateq5.5.28

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	5.5.27
apache:tomcat	apache tomcat	eq	5.5.18
apache:tomcat	apache tomcat	eq	5.5.12
apache:tomcat	apache tomcat	eq	5.5.14
apache:tomcat	apache tomcat	eq	5.5.10
apache:tomcat	apache tomcat	eq	5.5.4
apache:tomcat	apache tomcat	eq	5.5.7
apache:tomcat	apache tomcat	eq	5.5.1
apache:tomcat	apache tomcat	eq	5.5.11
apache:tomcat	apache tomcat	eq	5.5.28

Rows per page:

1-10 of 791

References

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

osvdb.org/73797

osvdb.org/73798

rhn.redhat.com/errata/RHSA-2012-0074.html

rhn.redhat.com/errata/RHSA-2012-0075.html

rhn.redhat.com/errata/RHSA-2012-0076.html

rhn.redhat.com/errata/RHSA-2012-0077.html

rhn.redhat.com/errata/RHSA-2012-0078.html

rhn.redhat.com/errata/RHSA-2012-0325.html

secunia.com/advisories/45232

secunia.com/advisories/48308

secunia.com/advisories/57126

svn.apache.org/viewvc?view=revision&revision=1145383

svn.apache.org/viewvc?view=revision&revision=1145571

svn.apache.org/viewvc?view=revision&revision=1145694

svn.apache.org/viewvc?view=revision&revision=1146005

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.debian.org/security/2012/dsa-2401

www.mandriva.com/security/advisories?name=MDVSA-2011:156

www.securityfocus.com/archive/1/518889/100/0/threaded

www.securityfocus.com/bid/48667

www.securitytracker.com/id?1025788

bugzilla.redhat.com/show_bug.cgi?id=720948

exchange.xforce.ibmcloud.com/vulnerabilities/68541

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514

5.3 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2011-2526

securityvulns2 ubuntucve1 debiancve1 prion1 osv2 seebug1 openvas22 github1 nessus23 fedora3 tomcat3 ubuntu1 redhat9 oraclelinux1 centos1 debian1 ibm3 gentoo1