Tomcat fix for security vulnerability CVE-2010-3718 , CVE-2011-2526 and CVE-2011-0534
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Tomcat has provided a fix to address this security vulnerability CVE-2010-3718 , CVE-2011-2526 and CVE-2011-0534. The fix jars have been built for WebSphere Application Server Community Edition version 184.108.40.206 as recommended by tomcat.
The following JAR contains the patch for the Tomcat catalina library v6.0.29 which is used by WebSphere Application Server Community Edition v220.127.116.11. The fixed JAR can be replaced in WebSphere Application Server Community Edition v18.104.22.168 installations.
- Stop the server if it is running and replace the JAR as specified below:
- Backup the existing one and replace with the new fix JAR from the following directory of the WebSphere Application Server Community Edition v22.214.171.124 installation:
More support for:
WebSphere Application Server Community Edition
Software version: 126.96.36.199
Operating system(s): AIX, Linux, Solaris, Windows
Software edition: Elite, Enhanced, Entry
Reference #: 1507512
Modified date: 19 January 2012