Information Security


Multiple security vulnerabilities in Apache Tomcat
Published: February 8, 2011
Source:
SecurityVulns ID: 11406
Type: remote
Severity: 6/10
Description: Privilege escalation, DoS, cross-site scripting.
Affected products: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE: CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.)
 CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Software Foundation Tomcat 7.0 before 7.0.6, 5.5 before 5.5.32, and 6.0 before 6.0.30 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.)
 CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.)
Original text: APACHE, [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability (08.02.2011)
 APACHE, [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability (08.02.2011)
 APACHE, [SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat (08.02.2011)
 APACHE, [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions (08.02.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod