IBM Support

Tomcat fix for security vulnerability CVE-2011-0534

Flashes (Alerts)


Abstract

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Content

Tomcat has provided a fix to address security vulnerability CVE-2011-0534. The fix JARs have been built for WebSphere Application Server Community Edition version 2.1.1.5 as recommended by Tomcat.

The following JAR contains the patch for the Tomcat Catalina library v6.0.29, which is used by WebSphere Application Server Community Edition v2.1.1.5. The fixed JAR replaces the existing one in WebSphere Application Server Community Edition v2.1.1.5 installations.

  • Stop the server if it is running and replace the JAR named below:

      catalina-6.0.29.0.jar

  • Back up the existing JAR in the following directory of the WebSphere Application Server Community Edition v2.1.1.5 installation and replace it with the new fix JAR:

      <WASCE_HOME>\repository\org\apache\geronimo\ext\tomcat\catalina\6.0.29.0

catalina-6.0.29.0.jar
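As an added example (not IBM's or Tomcat's code), a POSIX shell function that carries out the replacement above with a backup and a verification step, so a partial or corrupted download is not left in place of the original. It assumes a POSIX shell with od(1) and cmp(1), that the server has already been stopped, and it writes the repository path with forward slashes.

```shell
#!/bin/sh
# Added example: install the fix JAR into a WASCE 2.1.1.5 repository with a
# backup of the original and a byte-for-byte check of the result.
# Assumes the server is already stopped (the advisory's first step).

# apply_catalina_fix WASCE_HOME NEW_JAR
# Returns 0 on success, non-zero (with a message on stderr) if any check fails.
apply_catalina_fix() {
    wasce_home=$1
    new_jar=$2
    # Repository path from the advisory, with forward slashes for a POSIX shell.
    target_dir="$wasce_home/repository/org/apache/geronimo/ext/tomcat/catalina/6.0.29.0"
    target="$target_dir/catalina-6.0.29.0.jar"

    [ -f "$new_jar" ] || { echo "fix JAR not found: $new_jar" >&2; return 1; }
    [ -f "$target" ] || { echo "installed JAR not found: $target" >&2; return 1; }

    # A JAR is a ZIP archive: reject anything that does not start with the "PK"
    # local-file-header signature (catches a truncated or HTML error-page download).
    magic=$(od -A n -t c -N 2 "$new_jar" | tr -d ' ')
    [ "$magic" = "PK" ] || { echo "not a JAR/ZIP file: $new_jar" >&2; return 1; }

    # Keep the original next to the new JAR so the change can be reverted;
    # never overwrite an existing backup on a second run.
    backup="$target.orig"
    if [ ! -f "$backup" ]; then
        cp -p "$target" "$backup" || return 1
    fi

    cp "$new_jar" "$target" || return 1
    # Confirm that what is now installed is exactly the fix JAR.
    cmp -s "$new_jar" "$target" || { echo "copy verification failed" >&2; return 1; }
    return 0
}
```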


Document Information

Modified date:
25 September 2022

UID

swg21469196