Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

Bugtraq ID: 48667
Class: Design Error
CVE: CVE-2011-2526
Remote: Yes
Local: No
Published: Jul 13 2011 12:00AM
Updated: Apr 13 2015 10:17PM
Credit: Disclosed by the vendor.
Vulnerable: Xerox FreeFlow Print Server (FFPS) 73.C0.41
Xerox FreeFlow Print Server (FFPS) 73.B3.61
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Sun Solaris 9_x86
Sun Solaris 9_sparc
Redhat JBoss Enterprise Web Server for RHEL 6 1.0
Redhat JBoss Enterprise Web Server for RHEL 5 Server 1.0
Redhat JBoss Enterprise Application Platform for RHEL 6 Server 5
Redhat JBoss Enterprise Application Platform for RHEL 5 Server 5
Redhat JBoss Enterprise Application Platform for RHEL 4ES 5
Redhat JBoss Enterprise Application Platform for RHEL 4AS 5
Redhat JBoss Communications Platform 5.1.2
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux Desktop Optional 6
Oracle Enterprise Linux 6
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
IBM WebSphere Application Server Community Edition 2.1.1.5
IBM Storwize V7000 Unified 1.3.2 0
IBM Storwize V7000 Unified 1.3.1.0
IBM Storwize V7000 Unified 1.3.0.5
IBM Storwize V7000 Unified 1.3.0.0
IBM Rational Policy Tester 8.5.0.1
IBM Rational Policy Tester 8.5
IBM Rational Policy Tester 8.0
IBM Rational AppScan Enterprise 8.6
IBM Rational AppScan Enterprise 8.5.0.1
IBM Rational AppScan Enterprise 8.0.1.1
IBM Rational AppScan Enterprise 8.0.1
IBM Rational AppScan Enterprise 8.0.0.1
IBM Rational AppScan Enterprise 8.0.0
HP XP P9000 Performance Advisor 5.4.1
HP OpenVMS Secure Web Server 7.3 -2
HP OpenVMS Secure Web Server 7.3 -1
HP OpenVMS Secure Web Server 7.3
HP OpenVMS Secure Web Server 7.2 -2
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenVMS Secure Web Server 2.2
HP OpenVMS Secure Web Server 2.1-1
HP HP-UX Web Server Suite 3.22
HP HP-UX Web Server Suite 3.21
HP HP-UX Web Server Suite 3.18
HP HP-UX Web Server Suite 3.17
HP HP-UX B.11.31
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CTERA Networks CTERA Portal 3.1
Avaya Voice Portal 5.1.1
Avaya Voice Portal 5.1 SP1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.0 SP2
Avaya Voice Portal 5.0 SP1
Avaya Voice Portal 5.0
Avaya IQ 5.2
Avaya IQ 5.1.1
Avaya IQ 5.1
Avaya IQ 5
Avaya IQ 4.2
Avaya Communication Server 1000M Signaling Server 7.5
Avaya Communication Server 1000M Signaling Server 7.0
Avaya Communication Server 1000M Signaling Server 6.0
Avaya Communication Server 1000M 7.5
Avaya Communication Server 1000M 7.0
Avaya Communication Server 1000M 6.0
Avaya Communication Server 1000E Signaling Server 7.5
Avaya Communication Server 1000E Signaling Server 7.0
Avaya Communication Server 1000E Signaling Server 6.0
Avaya Communication Server 1000E 7.5
Avaya Communication Server 1000E 7.0
Avaya Communication Server 1000E 6.0
Avaya Aura System Platform 6.0
Avaya Aura System Platform 1.0
Avaya Aura System Manager 6.1.3
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.1
Avaya Aura System Manager 6.1 SP2
Avaya Aura System Manager 6.1 Sp1
Avaya Aura System Manager 6.1
Avaya Aura System Manager 6.0 SP1
Avaya Aura System Manager 6.0
Avaya Aura System Manager 5.2
Avaya Aura Session Manager 6.1.3
Avaya Aura Session Manager 6.1.2
Avaya Aura Session Manager 6.1.1
Avaya Aura Session Manager 6.1 SP2
Avaya Aura Session Manager 6.1 Sp1
Avaya Aura Session Manager 6.1
Avaya Aura Session Manager 6.0 SP1
Avaya Aura Session Manager 6.0
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 1.1
Avaya Aura Presence Services 6.1.1
Avaya Aura Presence Services 6.1
Avaya Aura Presence Services 6.0
Avaya Aura Application Server 5300 SIP Core 2.0
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Avaya Aura Application Enablement Services 5.2.3
Avaya Aura Application Enablement Services 5.2.2
Avaya Aura Application Enablement Services 5.2
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.9
Apache Tomcat 7.0.8
Apache Tomcat 7.0.7
Apache Tomcat 7.0.6
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0 beta
Apache Tomcat 7.0
Apache Tomcat 6.0.32
Apache Tomcat 6.0.29
Apache Tomcat 6.0.28
Apache Tomcat 6.0.27
Apache Tomcat 6.0.26
Apache Tomcat 6.0.25
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.18
Apache Tomcat 6.0.17
Apache Tomcat 6.0.16
Apache Tomcat 6.0.15
Apache Tomcat 6.0.14
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.7
Apache Tomcat 6.0.6
Apache Tomcat 6.0.5
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 6.0
Apache Tomcat 5.5.32
Apache Tomcat 5.5.30
Apache Tomcat 5.5.29
Apache Tomcat 5.5.28
Apache Tomcat 5.5.27
Apache Tomcat 5.5.26
Apache Tomcat 5.5.25
Apache Tomcat 5.5.24
Apache Tomcat 5.5.23
Apache Tomcat 5.5.22
Apache Tomcat 5.5.21
Apache Tomcat 5.5.20
Apache Tomcat 5.5.19
Apache Tomcat 5.5.18
Apache Tomcat 5.5.17
Apache Tomcat 5.5.16
Apache Tomcat 5.5.15
Apache Tomcat 5.5.14
Apache Tomcat 5.5.13
Apache Tomcat 5.5.12
Apache Tomcat 5.5.11
Apache Tomcat 5.5.10
Apache Tomcat 5.5.9
Apache Tomcat 5.5.8
Apache Tomcat 5.5.7
Apache Tomcat 5.5.6
Apache Tomcat 5.5.5
Apache Tomcat 5.5.4
Apache Tomcat 5.5.3
Apache Tomcat 5.5.2
Apache Tomcat 5.5.1
Apache Tomcat 5.5
Apache Tomcat 7.0.5
Apache Tomcat 7.0.18
Apache Tomcat 7.0.17
Apache Tomcat 7.0.11
Apache Tomcat 7.0.10
Apache Tomcat 7.0
Apache Tomcat 6.0.32
Apache Tomcat 6.0.31
Apache Tomcat 6.0.30
Apache Tomcat 6.0.29
Apache Tomcat 6.0.19
Apache Tomcat 5.5.33
Apache Tomcat 5.5.33
Apache Tomcat 5.5.31
Apache Geronimo 2.1.7
Apache Geronimo 2.1.6
Apache Geronimo 2.1.5
Apache Geronimo 2.1.4
Apache Geronimo 2.1.3
Apache Geronimo 2.1.2
Apache Geronimo 2.1.1
Apache Geronimo 2.0.2
Apache Geronimo 2.0.1
Apache Geronimo 1.1.1
Apache Geronimo 1.1
Apache Geronimo 1.0.1
Apache Geronimo 1.0
Apache Geronimo 2.1
Apache Geronimo 2.0
Apache Geronimo 1.2
Apache Geronimo 1.1
Apache Geronimo 1.0
Not Vulnerable: Redhat JBoss Communications Platform 5.1.3
IBM Storwize V7000 Unified 1.4 0
IBM Storwize V7000 Unified 1.3.2 3
HP XP P9000 Performance Advisor 5.5.1
CTERA Networks CTERA Portal 3.2.28
CTERA Networks CTERA Portal 3.1.39
Avaya Voice Portal 5.1 SP3
Avaya Aura System Platform 6.2 SP1
Avaya Aura Application Enablement Services 6.2
Apache Tomcat 5.5.34
Apache Tomcat 7.0.19
Apache Tomcat 6.0.33
Apache Geronimo 2.1.8


 

Privacy Statement
Copyright 2010, SecurityFocus