
CVE ID: CVE-2011-2526
Description: Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Test IDs: 1.3.6.1.4.1.25623.1.0.870651, 1.3.6.1.4.1.25623.1.0.70718, 1.3.6.1.4.1.25623.1.0.881445, 1.3.6.1.4.1.25623.1.0.122047, 1.3.6.1.4.1.25623.1.0.70475, 1.3.6.1.4.1.25623.1.0.70534, 1.3.6.1.4.1.25623.1.0.103248
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-2526
1025788
http://www.securitytracker.com/id?1025788
20110713 [SECURITY] CVE-2011-2526 Apache Tomcat Information disclosure and availability vulnerabilities
http://www.securityfocus.com/archive/1/518889/100/0/threaded
45232
http://secunia.com/advisories/45232
48308
http://secunia.com/advisories/48308
48667
http://www.securityfocus.com/bid/48667
57126
http://secunia.com/advisories/57126
73797
http://osvdb.org/73797
73798
http://osvdb.org/73798
DSA-2401
http://www.debian.org/security/2012/dsa-2401
HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
MDVSA-2011:156
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
RHSA-2012:0074
http://rhn.redhat.com/errata/RHSA-2012-0074.html
RHSA-2012:0075
http://rhn.redhat.com/errata/RHSA-2012-0075.html
RHSA-2012:0076
http://rhn.redhat.com/errata/RHSA-2012-0076.html
RHSA-2012:0077
http://rhn.redhat.com/errata/RHSA-2012-0077.html
RHSA-2012:0078
http://rhn.redhat.com/errata/RHSA-2012-0078.html
RHSA-2012:0325
http://rhn.redhat.com/errata/RHSA-2012-0325.html
SSRT100627
http://marc.info/?l=bugtraq&m=132215163318824&w=2
SSRT100825
http://marc.info/?l=bugtraq&m=133469267822771&w=2
SSRT101146
http://marc.info/?l=bugtraq&m=136485229118404&w=2
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1145383
http://svn.apache.org/viewvc?view=revision&revision=1145571
http://svn.apache.org/viewvc?view=revision&revision=1145694
http://svn.apache.org/viewvc?view=revision&revision=1146005
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
https://bugzilla.redhat.com/show_bug.cgi?id=720948
oval:org.mitre.oval:def:14573
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573
oval:org.mitre.oval:def:19514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514
tomcat-sendfile-info-disclosure(68541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68541




© 1998-2025 E-Soft Inc. All rights reserved.