My Oracle Support Banner

Solutions to CVE-2011-5035, now Available for Oracle Virtual Desktop Infrastructure (VDI) (Doc ID 1499901.1)

Last updated on FEBRUARY 25, 2022

Applies to:

Oracle Virtual Desktop Infrastructure - Version 3.3.1 to 3.3.2 [Release 3.0]
Information in this document applies to any platform.


The Oracle Security Blog has now published an announcement regarding CVE-2011-5035 and Oracle's Virtual Desktop Infrastructure (VDI) product,  versions 3.2 and 3.3. 

Note:  This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.


Updates for impacted versions of Oracle Virtual Desktop Infrastructure, VDI 3.2 and VDI 3.3, are available on the Oracle Security Blog.

Administrators responsible for these versions of VDI are encouraged to download the appropriate patch for their deployment, and update their enviornment using the instructions provided in the bundled README file. 

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2011-5035 Denial of service (DoS) vulnerability 5.0 Apache Tomcat VDI 3.3    Linux Solaris
VDI 3.2    Solaris


Note:  VDI version 3.4--and later--is not impacted by this issue.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.