CVE-2011-2526

MEDIUM

Description

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

References

http://marc.info/?l=bugtraq&m=132215163318824&w=2

http://marc.info/?l=bugtraq&m=133469267822771&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://osvdb.org/73797

http://osvdb.org/73798

http://rhn.redhat.com/errata/RHSA-2012-0074.html

http://rhn.redhat.com/errata/RHSA-2012-0075.html

http://rhn.redhat.com/errata/RHSA-2012-0076.html

http://rhn.redhat.com/errata/RHSA-2012-0077.html

http://rhn.redhat.com/errata/RHSA-2012-0078.html

http://rhn.redhat.com/errata/RHSA-2012-0325.html

http://secunia.com/advisories/45232

http://secunia.com/advisories/48308

http://secunia.com/advisories/57126

http://svn.apache.org/viewvc?view=revision&revision=1145383

http://svn.apache.org/viewvc?view=revision&revision=1145571

http://svn.apache.org/viewvc?view=revision&revision=1145694

http://svn.apache.org/viewvc?view=revision&revision=1146005

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

http://www.debian.org/security/2012/dsa-2401

http://www.mandriva.com/security/advisories?name=MDVSA-2011:156

http://www.securityfocus.com/archive/1/518889/100/0/threaded

http://www.securityfocus.com/bid/48667

http://www.securitytracker.com/id?1025788

https://bugzilla.redhat.com/show_bug.cgi?id=720948

https://exchange.xforce.ibmcloud.com/vulnerabilities/68541

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514

Details

Source: MITRE

Published: 2011-07-14

Updated: 2019-03-25

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
78925RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682)NessusRed Hat Local Security Checks
high
78924RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680)NessusRed Hat Local Security Checks
high
76034openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1)NessusSuSE Local Security Checks
medium
75762openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1)NessusSuSE Local Security Checks
medium
68399Oracle Linux 6 : tomcat6 (ELSA-2011-1780)NessusOracle Linux Local Security Checks
high
64022RHEL 5 / 6 : jbossweb (RHSA-2012:0074)NessusRed Hat Local Security Checks
medium
61184Scientific Linux Security Update : tomcat6 on SL6.xNessusScientific Linux Local Security Checks
high
59677GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
57812Debian DSA-2401-1 : tomcat6 - several vulnerabilitiesNessusDebian Local Security Checks
high
57374CentOS 6 : tomcat6 (CESA-2011:1780)NessusCentOS Local Security Checks
high
57255SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7689)NessusSuSE Local Security Checks
medium
57023RHEL 6 : tomcat6 (RHSA-2011:1780)NessusRed Hat Local Security Checks
high
56746Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1)NessusUbuntu Local Security Checks
high
56573Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)NessusFedora Local Security Checks
high
56551Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)NessusMandriva Local Security Checks
high
56301Apache Tomcat 5.5.x < 5.5.34 Multiple VulnerabilitiesNessusWeb Servers
high
56035SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7688)NessusSuSE Local Security Checks
medium
800602Apache Tomcat 6.0.x < 6.0.33 Multiple VulnerabilitiesLog Correlation EngineWeb Servers
medium
6018Apache Tomcat 6.0.x < 6.0.33 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
56008Apache Tomcat 6.0.x < 6.0.33 Multiple VulnerabilitiesNessusWeb Servers
medium
55759Apache Tomcat 7.x < 7.0.17 Multiple VulnerabilitiesNessusWeb Servers
medium
800597Apache Tomcat 7.0.x < 7.0.19 Multiple VulnerabilitiesLog Correlation EngineWeb Servers
medium
5996Apache Tomcat 7.0.x < 7.0.17 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium