Apache Tomcat CVE-2011-2526 Input Validation Bypass Vulnerability

Description

Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet, and deployed web applications may use it directly by setting request attributes. These request attributes were not validated. When running under a security manager, this lack of validation allowed a malicious web application to do one or more of the following that would normally be prevented by a security manager:

Affected Applications

Apache Tomcat

CVE References

CVE-2011-2526
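
The description above turns on request attributes that were accepted without validation. The following is an added example, not Tomcat's own code or its fix, of the kind of check a container can apply before acting on them. The attribute names are the ones Tomcat documents for sendfile; the class, the `validate` helper and the sample file are hypothetical.

```java
import java.io.File;
import java.nio.file.Files;
import java.util.HashMap;
import java.util.Map;
public final class SendfileAttributeCheck {
    // Request attribute names documented for Tomcat's sendfile support.
    static final String FILENAME = "org.apache.tomcat.sendfile.filename";
    static final String START = "org.apache.tomcat.sendfile.start";
    static final String END = "org.apache.tomcat.sendfile.end";

    /** Hypothetical helper: returns null when the attributes are acceptable, else the reason. */
    static String validate(Map<String, Object> attrs) {
        Object name = attrs.get(FILENAME);
        Object start = attrs.get(START);
        Object end = attrs.get(END);
        // Type checks first: application code sets these attributes as plain Objects.
        if (!(name instanceof String)) return FILENAME + " must be a String";
        if (!(start instanceof Long)) return START + " must be a Long";
        if (!(end instanceof Long)) return END + " must be a Long";
        File file = new File((String) name);
        // Policy read check; assumes the application's code is on the call stack here.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            try {
                sm.checkRead(file.getPath());
            } catch (SecurityException denied) {
                return "policy denies read access to " + file;
            }
        }
        if (!file.isFile()) return file + " is not a regular file";
        long from = (Long) start, to = (Long) end;
        if (from < 0 || to < from || to > file.length()) {
            return "range " + from + "-" + to + " is outside the file";
        }
        return null;
    }
    public static void main(String[] args) throws Exception {
        File f = File.createTempFile("sendfile", ".bin"); // constructed sample file
        f.deleteOnExit();
        Files.write(f.toPath(), new byte[100]);
        Map<String, Object> attrs = new HashMap<>();
        attrs.put(FILENAME, f.getPath());
        attrs.put(START, 0L);
        attrs.put(END, 4096L); // past the end of the 100-byte file
        System.out.println(validate(attrs)); // rejection reason
        attrs.put(END, 100L);
        System.out.println(validate(attrs)); // null: accepted
    }
}
```

`System.getSecurityManager()` is deprecated in current JDKs and returns null when no security manager is installed, in which case only the type, file and range checks apply.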