High severityNVD Advisory· Published Feb 10, 2011· Updated Jun 16, 2026
CVE-2011-0534
CVE-2011-0534
Description
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcatMaven | >= 6.0.0, < 6.0.32 | 6.0.32 |
org.apache.tomcat:tomcatMaven | >= 7.0.0, < 7.0.8 | 7.0.8 |
Affected products
35cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*+ 33 more
- cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
30- tomcat.apache.org/security-6.htmlnvdPatchVendor AdvisoryWEB
- www.vupen.com/english/advisories/2011/0293nvdVendor Advisory
- github.com/advisories/GHSA-43v2-6grp-9pp9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-0534ghsaADVISORY
- lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlnvdWEB
- lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlnvdWEB
- marc.infonvdWEB
- support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.htmlnvdWEB
- tomcat.apache.org/security-7.htmlghsaWEB
- www.debian.org/security/2011/dsa-2160nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/65162nvdWEB
- github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8ghsaWEB
- support.apple.com/kb/HT5002ghsaWEB
- web.archive.org/web/20110801035315/http://secunia.com/advisories/45022ghsaWEB
- web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074ghsaWEB
- web.archive.org/web/20121024140440/http://secunia.com/advisories/43192ghsaWEB
- web.archive.org/web/20121212040149/http://www.securitytracker.com/idghsaWEB
- web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164ghsaWEB
- web.archive.org/web/20151017023138/http://secunia.com/advisories/57126ghsaWEB
- web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threadedghsaWEB
- osvdb.org/70809nvd
- secunia.com/advisories/43192nvd
- secunia.com/advisories/45022nvd
- secunia.com/advisories/57126nvd
- securityreason.com/securityalert/8074nvd
- support.apple.com/kb/HT5002nvd
- tomcat.apache.org/security-7.htmlnvd
- www.securityfocus.com/archive/1/516214/100/0/threadednvd
- www.securityfocus.com/bid/46164nvd
- www.securitytracker.com/idnvd
News mentions
0No linked articles in our index yet.