VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-7ej8-5f77-cybb

Essentials
Severities (50)
References (76)
Severity details (41)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-7ej8-5f77-cybb
Aliases	CVE-2011-0534 GHSA-43v2-6grp-9pp9
Summary	Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-399	Resource Management Errors
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
generic_textual	HIGH	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
cvssv3.1	7.5	http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual	HIGH	http://marc.info/?l=bugtraq&m=139344343412337&w=2
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
epss	0.16272	https://api.first.org/data/v1/epss?cve=CVE-2011-0534
apache_tomcat	Important	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
cvssv3.1	7.5	https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
generic_textual	HIGH	https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-43v2-6grp-9pp9
cvssv3.1	7.5	https://github.com/apache/tomcat
generic_textual	HIGH	https://github.com/apache/tomcat
cvssv3.1	7.5	https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8
generic_textual	HIGH	https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2011-0534
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2011-0534
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2011-0534
cvssv3.1	7.5	https://support.apple.com/kb/HT5002
generic_textual	HIGH	https://support.apple.com/kb/HT5002
cvssv3.1	7.5	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
generic_textual	HIGH	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
cvssv3.1	7.5	https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022
generic_textual	HIGH	https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022
cvssv3.1	7.5	https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074
generic_textual	HIGH	https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074
cvssv3.1	7.5	https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192
generic_textual	HIGH	https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192
cvssv3.1	7.5	https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027
generic_textual	HIGH	https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027
cvssv3.1	7.5	https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164
generic_textual	HIGH	https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164
cvssv3.1	7.5	https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
generic_textual	HIGH	https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
cvssv3.1	7.5	https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded
generic_textual	HIGH	https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded
cvssv3.1	7.5	http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
generic_textual	HIGH	http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
cvssv3.1	7.5	http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)
generic_textual	HIGH	http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)
cvssv3.1	7.5	http://www.debian.org/security/2011/dsa-2160
generic_textual	HIGH	http://www.debian.org/security/2011/dsa-2160

Reference id	Reference type	URL
		http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
		http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
		http://marc.info/?l=bugtraq&m=139344343412337&w=2
		http://osvdb.org/70809
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0534.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-0534
		http://secunia.com/advisories/43192
		http://secunia.com/advisories/45022
		http://secunia.com/advisories/57126
		http://securityreason.com/securityalert/8074
		https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8
		https://support.apple.com/kb/HT5002
		https://svn.apache.org/viewvc?view=rev&rev=1065939
		https://svn.apache.org/viewvc?view=rev&rev=1066313
		http://support.apple.com/kb/HT5002
		http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
		https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022
		https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074
		https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192
		https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027
		https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164
		https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
		https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded
		http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
		http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29
		http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)
		http://www.debian.org/security/2011/dsa-2160
		http://www.securityfocus.com/archive/1/516214/100/0/threaded
		http://www.securityfocus.com/bid/46164
		http://www.securitytracker.com/id?1025027
		http://www.vupen.com/english/advisories/2011/0293
675338		https://bugzilla.redhat.com/show_bug.cgi?id=675338
cpe:2.3:a:apache:tomcat:6.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.24:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:::::::*
CVE-2011-0534		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
CVE-2011-0534		https://nvd.nist.gov/vuln/detail/CVE-2011-0534
GHSA-43v2-6grp-9pp9		https://github.com/advisories/GHSA-43v2-6grp-9pp9
GLSA-201206-24		https://security.gentoo.org/glsa/201206-24
RHSA-2011:0335		https://access.redhat.com/errata/RHSA-2011:0335
RHSA-2011:0348		https://access.redhat.com/errata/RHSA-2011:0348
RHSA-2011:0350		https://access.redhat.com/errata/RHSA-2011:0350
USN-1097-1		https://usn.ubuntu.com/1097-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://marc.info/?l=bugtraq&m=139344343412337&w=2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/65162

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0534

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0534

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.apple.com/kb/HT5002

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.debian.org/security/2011/dsa-2160

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.94793
EPSS Score	0.16272
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:38:15.790709+00:00	Apache Tomcat Importer	Import	https://tomcat.apache.org/security-7.html	38.0.0

Reference id	Reference type	URL
		http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
		http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
		http://marc.info/?l=bugtraq&m=139344343412337&w=2
		http://osvdb.org/70809
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0534.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-0534
		http://secunia.com/advisories/43192
		http://secunia.com/advisories/45022
		http://secunia.com/advisories/57126
		http://securityreason.com/securityalert/8074
		https://exchange.xforce.ibmcloud.com/vulnerabilities/65162
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/008447095ce8c3a8f713093d5e618f3f06f94ea8
		https://support.apple.com/kb/HT5002
		https://svn.apache.org/viewvc?view=rev&rev=1065939
		https://svn.apache.org/viewvc?view=rev&rev=1066313
		http://support.apple.com/kb/HT5002
		http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html
		https://web.archive.org/web/20110801035315/http://secunia.com/advisories/45022
		https://web.archive.org/web/20120120085637/http://securityreason.com/securityalert/8074
		https://web.archive.org/web/20121024140440/http://secunia.com/advisories/43192
		https://web.archive.org/web/20121212040149/http://www.securitytracker.com/id?1025027
		https://web.archive.org/web/20131227020011/http://www.securityfocus.com/bid/46164
		https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
		https://web.archive.org/web/20200517155748/http://www.securityfocus.com/archive/1/516214/100/0/threaded
		http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.32
		http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_%28released_5_Feb_2011%29
		http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.8_(released_5_Feb_2011)
		http://www.debian.org/security/2011/dsa-2160
		http://www.securityfocus.com/archive/1/516214/100/0/threaded
		http://www.securityfocus.com/bid/46164
		http://www.securitytracker.com/id?1025027
		http://www.vupen.com/english/advisories/2011/0293
675338		https://bugzilla.redhat.com/show_bug.cgi?id=675338
cpe:2.3:a:apache:tomcat:6.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.24:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:::::::*
CVE-2011-0534		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
CVE-2011-0534		https://nvd.nist.gov/vuln/detail/CVE-2011-0534
GHSA-43v2-6grp-9pp9		https://github.com/advisories/GHSA-43v2-6grp-9pp9
GLSA-201206-24		https://security.gentoo.org/glsa/201206-24
RHSA-2011:0335		https://access.redhat.com/errata/RHSA-2011:0335
RHSA-2011:0348		https://access.redhat.com/errata/RHSA-2011:0348
RHSA-2011:0350		https://access.redhat.com/errata/RHSA-2011:0350
USN-1097-1		https://usn.ubuntu.com/1097-1/