Launchpad.net

CVE 2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Related bugs and status

CVE-2011-0534 (Candidate) is related to these bugs:

Bug #714239: Tomcat6 version below 6.0.32 can be easily brought down

		In	Importance	Status
714239	Tomcat6 version below 6.0.32 can be easily brought down	tomcat6 (Ubuntu)	Undecided	Fix Released
714239	Tomcat6 version below 6.0.32 can be easily brought down	tomcat6 (Ubuntu Karmic)	Medium	Fix Released
714239	Tomcat6 version below 6.0.32 can be easily brought down	tomcat6 (Ubuntu Lucid)	Medium	Fix Released
714239	Tomcat6 version below 6.0.32 can be easily brought down	tomcat6 (Ubuntu Natty)	Undecided	Fix Released
714239	Tomcat6 version below 6.0.32 can be easily brought down	tomcat6 (Ubuntu Maverick)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tomcat.apache.o...
BID: 46164
OSVDB: 70809
SECTRACK: 1025027
VUPEN: ADV-2011-0293
DEBIAN: DSA-2160
SECUNIA: 43192
SREASON: 8074
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2011-10-12-3
CONFIRM: http://support.novell....
SECUNIA: 45022
SUSE: SUSE-SR:2011:005
SECUNIA: 57126
CONFIRM: http://tomcat.apache.o...
HP: HPSBST02955
XF: tomcat-nio-connector-d...
BUGTRAQ: 20110205 [SECURITY] CV...