CVE-2011-2526

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 5.5.x through 5.5.33 Apache Tomcat versions 6.x through 6.0.32 Apache Tomcat versions 7.x through 7.0.18

Description The issue allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application when sendfile is enabled for the HTTP APR or HTTP NIO connector. This occurs because certain request attributes are not validated, which can be exploited by a malicious web application to return inaccessible files or terminate the JVM. The vulnerabilities are only present when untrusted web applications are used, the SecurityManager is used to limit these applications, and the HTTP NIO or HTTP APR connector is used with sendfile enabled.

Recommendations For Apache Tomcat versions 5.5.x through 5.5.33, update to version 5.5.34 or later to resolve the issue. For Apache Tomcat versions 6.x through 6.0.32, update to version 6.0.33 or later to resolve the issue. For Apache Tomcat versions 7.x through 7.0.18, update to version 7.0.19 or later to resolve the issue. As a temporary workaround, consider disabling the sendfile feature for the HTTP APR and HTTP NIO connectors until a patch is available.