{"id":"GHSA-43v2-6grp-9pp9","summary":"Apache Tomcat does not enforce the maxHttpHeaderSize limit","details":"Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.","aliases":["CVE-2011-0534"],"modified":"2024-02-21T23:41:46.803859Z","published":"2022-05-14T02:56:35Z","database_specific":{"github_reviewed_at":"2024-02-21T23:28:16Z","nvd_published_at":"2011-02-10T18:00:00Z","cwe_ids":[],"github_reviewed":true,"severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0534"},{"type":"WEB","url":"https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65162"},{"type":"PACKAGE","url":"https://github.com/apache/tomcat"},{"type":"WEB","url":"https://support.apple.com/kb/HT5002"},{"type":"WEB","url":"https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022"},{"type":"WEB","url":"https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074"},{"type":"WEB","url":"https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192"},{"type":"WEB","url":"https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027"},{"type":"WEB","url":"https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164"},{"type":"WEB","url":"https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126"},{"type":"WEB","url":"https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded"},{"type":"WEB","url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=139344343412337&w=2"},{"type":"WEB","url":"http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html"},{"type":"WEB","url":"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32"},{"type":"WEB","url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)"},{"type":"WEB","url":"http://www.debian.org/security/2011/dsa-2160"}],"affected":[{"package":{"name":"org.apache.tomcat:tomcat","ecosystem":"Maven","purl":"pkg:maven/org.apache.tomcat/tomcat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.0.0"},{"fixed":"6.0.32"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 6.0.30","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-43v2-6grp-9pp9/GHSA-43v2-6grp-9pp9.json"}},{"package":{"name":"org.apache.tomcat:tomcat","ecosystem":"Maven","purl":"pkg:maven/org.apache.tomcat/tomcat"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"7.0.0"},{"fixed":"7.0.8"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 7.0.6","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-43v2-6grp-9pp9/GHSA-43v2-6grp-9pp9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}