Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2011-07-14T23:00:00
Updated: 2024-08-06T23:00:34.252Z
Reserved: 2011-06-15T00:00:00
Link: CVE-2011-2526
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-07-14T23:55:06.020
Modified: 2024-11-21T01:28:27.920
Link: CVE-2011-2526
Redhat