Apache Tomcat NIO HTTP Connector Denial of Service Vulnerability

Apache Tomcat NIO HTTP Connector Denial of Service Vulnerability

CVE-2011-0534 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Learn more about our Cis Benchmark Audit For Apache Tomcat.