Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain sensitive information that will aid in further attacks. Attackers may also crash the JVM.

The following versions are affected:

Tomcat 5.5.0 through 5.5.33
Tomcat 6.0.0 through 6.0.32
Tomcat 7.0.0 through 7.0.18


Privacy Statement
Copyright 2010, SecurityFocus