REDHAT-BUG-720948
First published: Wed Jul 13 2011(Updated: )
The Tomcat sendfile support (when HTTP APR or HTTP NIO connectors are enabled) allows to send large static files. These writes, as soon as the system load increases, will be performed asynchronously in the most efficient way. It was found that Tomcat, the Apache Servlet/JSP Engine, did not properly sanitize arguments provided to sendfile call methods, when a web application was running under the security manager: 1) such application could use the sendfile support to expose server files, that should be made inaccessible by the security manager, 2) when HTTP APR/native connector was used, such application could specify invalid sendfile start/end points and trigger a JVM crash.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tomcat |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://people.apache.org/~markt/patches/2011-07-13-cve-2011-2526-tc5.patch
- http://people.apache.org/~markt/patches/2011-07-13-cve-2011-2526-tc6.patch
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=721087
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=721086
- http://svn.apache.org/viewvc?view=revision&revision=1158244
- http://svn.apache.org/viewvc?view=revision&revision=1146703
- https://rhn.redhat.com/errata/RHSA-2011-1780.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=720948#c28
- https://rhn.redhat.com/errata/RHSA-2012-0041.html
- https://rhn.redhat.com/errata/RHSA-2012-0078.html
- https://rhn.redhat.com/errata/RHSA-2012-0077.html
- https://rhn.redhat.com/errata/RHSA-2012-0076.html
- https://rhn.redhat.com/errata/RHSA-2012-0075.html
- https://rhn.redhat.com/errata/RHSA-2012-0074.html
- https://rhn.redhat.com/errata/RHSA-2012-0091.html
- https://rhn.redhat.com/errata/RHSA-2012-0325.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=720948#c38
- https://rhn.redhat.com/errata/RHSA-2012-0680.html
- https://rhn.redhat.com/errata/RHSA-2012-0679.html
- https://rhn.redhat.com/errata/RHSA-2012-0681.html
- https://rhn.redhat.com/errata/RHSA-2012-0682.html
- https://bugzilla.redhat.com/show_bug.cgi?id=720948
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2526
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/tomcat