Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2011:0335
HistoryMar 09, 2011 - 12:00 a.m.

(RHSA-2011:0335) Important: tomcat6 security and bug fix update

2011-03-0900:00:00
access.redhat.com
32

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.041 Low

EPSS

Percentile

91.2%

JSON

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote
attacker could use this flaw to cause a denial of service (out-of-memory
condition) via a specially-crafted request containing a large NIO buffer
size request value. (CVE-2011-0534)

This update also fixes the following bug:

  • A bug in the โ€œtomcat6โ€ init script prevented additional Tomcat instances
    from starting. As well, running โ€œservice tomcat6 startโ€ caused
    configuration options applied from โ€œ/etc/sysconfig/tomcat6โ€ to be
    overwritten with those from โ€œ/etc/tomcat6/tomcat6.confโ€. With this update,
    multiple instances of Tomcat run as expected. (BZ#676922)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchtomcat6-admin-webapps<ย 6.0.24-24.el6_0tomcat6-admin-webapps-6.0.24-24.el6_0.noarch.rpm
RedHat6noarchtomcat6<ย 6.0.24-24.el6_0tomcat6-6.0.24-24.el6_0.noarch.rpm
RedHat6noarchtomcat6-javadoc<ย 6.0.24-24.el6_0tomcat6-javadoc-6.0.24-24.el6_0.noarch.rpm
RedHat6noarchtomcat6-webapps<ย 6.0.24-24.el6_0tomcat6-webapps-6.0.24-24.el6_0.noarch.rpm
RedHat6noarchtomcat6-docs-webapp<ย 6.0.24-24.el6_0tomcat6-docs-webapp-6.0.24-24.el6_0.noarch.rpm
RedHat6srctomcat6<ย 6.0.24-24.el6_0tomcat6-6.0.24-24.el6_0.src.rpm
RedHat6noarchtomcat6-el-2.1-api<ย 6.0.24-24.el6_0tomcat6-el-2.1-api-6.0.24-24.el6_0.noarch.rpm
RedHat6noarchtomcat6-servlet-2.5-api<ย 6.0.24-24.el6_0tomcat6-servlet-2.5-api-6.0.24-24.el6_0.noarch.rpm
RedHat6noarchtomcat6-jsp-2.1-api<ย 6.0.24-24.el6_0tomcat6-jsp-2.1-api-6.0.24-24.el6_0.noarch.rpm
RedHat6noarchtomcat6-log4j<ย 6.0.24-24.el6_0tomcat6-log4j-6.0.24-24.el6_0.noarch.rpm
Rows per page:
1-10 of 111

Related

openvas 67
oraclelinux 4
nessus 59
redhat 13
github 2
ubuntucve 2
tomcat 2
osv 3
securityvulns 6
prion 2
cve 2
veracode 1
jvn 4
checkpoint_security 1
f5 2
centos 2
cisa 1
ibm 2
seebug 1
debian 3
fedora 9
ubuntu 4
suse 4
gentoo 1
vmware 2
openvas
openvas
RedHat Update for tomcat6 RHSA-2011:0335-01
2012-06-06 00:00:00
RedHat Update for tomcat6 RHSA-2011:0335-01
2012-06-06 00:00:00
Oracle: Security Advisory (ELSA-2011-0335)
2015-10-06 00:00:00
oraclelinux
oraclelinux
tomcat6 security and bug fix update
2011-03-09 00:00:00
tomcat6 security and bug fix update
2011-05-28 00:00:00
java-1.6.0-openjdk security update
2011-02-11 00:00:00
nessus
nessus
Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 6 : tomcat6 (ELSA-2011-0335)
2013-07-12 00:00:00
RHEL 6 : tomcat6 (RHSA-2011:0335)
2011-03-10 00:00:00
redhat
redhat
(RHSA-2011:0348) Important: tomcat6 security update
2011-03-10 00:00:00
(RHSA-2011:0299) Moderate: java-1.4.2-ibm-sap security update
2011-02-23 00:00:00
(RHSA-2011:0336) Important: tomcat5 security update
2011-03-09 00:00:00
github
github
Apache Tomcat does not enforce the maxHttpHeaderSize limit
2022-05-14 02:56:35
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
2022-05-14 02:16:07
ubuntucve
ubuntucve
CVE-2011-0534
2011-02-10 00:00:00
CVE-2010-4476
2011-02-17 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.8
2011-02-05 00:00:00
Fixed in Apache Tomcat 6.0.32
2011-02-03 00:00:00
osv
osv
Apache Tomcat does not enforce the maxHttpHeaderSize limit
2022-05-14 02:56:35
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
2022-05-14 02:16:07
tomcat6 - several
2011-02-13 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability
2011-02-08 00:00:00
[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i &#40;NNMi&#41; for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service &#40;DoS&#41;
2011-04-14 00:00:00
Apache Tomcat multiple security vulnerabilities
2011-02-08 00:00:00
prion
prion
Design/Logic Flaw
2011-02-10 18:00:00
Design/Logic Flaw
2011-02-17 19:00:00
cve
cve
CVE-2011-0534
2011-02-10 18:00:00
CVE-2010-4476
2011-02-17 19:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:53:32
jvn
jvn
JVN#97334690: IBM Lotus vulnerable to denial-of-service (DoS)
2011-03-04 00:00:00
JVN#26301278: IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
2011-03-04 00:00:00
JVN#16308183: IBM DB2 vulnerable to denial-of-service (DoS)
2011-03-04 00:00:00
checkpoint_security
checkpoint_security
Check Point's response to Oracle Java Floating-Point Value Denial of Service Vulnerability (CVE-2010-4476)
2011-02-14 22:00:00
f5
f5
K12826 : Java Runtime Environment (JRE) vulnerability: CVE-2010-4476
2013-09-11 00:00:00
SOL12826 - Java Runtime Environment (JRE) vulnerability: CVE-2010-4476
2011-05-09 00:00:00
centos
centos
java security update
2011-04-14 14:31:40
tomcat5 security update
2011-04-14 14:58:50
cisa
cisa
Oracle Releases Security Alert for Java Runtime Environment
2011-02-10 00:00:00
ibm
ibm
Security Bulletin: Denial of Service Security Exposure with Java causes JRE/JDK hang (CVE-2010-4476)
2020-09-10 15:43:59
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
2021-10-06 14:56:49
seebug
seebug
IBM WebSphere Application Serverๆœช้ชŒ่ฏ่ฎฟ้—ฎๆผๆดž
2011-04-02 00:00:00
debian
debian
[SECURITY] [DSA 2161-1] OpenJDK security update
2011-02-13 20:27:08
[SECURITY] [DSA 2161-2] OpenJDK security update
2011-02-14 20:05:54
[SECURITY] [DSA 2160-1] tomcat6 security update
2011-02-13 18:36:11
fedora
fedora
[SECURITY] Fedora 13 Update: java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13
2011-02-13 08:49:15
[SECURITY] Fedora 14 Update: java-1.6.0-openjdk-1.6.0.0-52.1.9.6.fc14
2011-02-13 08:50:21
[SECURITY] Fedora 14 Update: tomcat6-6.0.26-27.fc14
2011-10-20 09:55:07
ubuntu
ubuntu
Tomcat vulnerabilities
2011-03-29 00:00:00
OpenJDK 6 vulnerabilities
2011-03-17 00:00:00
OpenJDK 6 vulnerabilities
2011-03-01 00:00:00
suse
suse
remote code execution in java-1_4_2-ibm
2011-05-13 13:10:27
Security update for IBM Java 1.4.2 (important)
2011-07-22 05:08:11
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.041 Low

EPSS

Percentile

91.2%

JSON
Related for RHSA-2011:0335
openvas67oraclelinux4nessus59redhat13github2ubuntucve2tomcat2osv3securityvulns6prion2cve2veracode1jvn4checkpoint_security1f52centos2cisa1ibm2seebug1debian3fedora9ubuntu4suse4gentoo1vmware2