CVE-2011-3190
Date: (C)2011-08-31   (M)2023-12-22


Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1025993
http://www.securityfocus.com/archive/1/519466/100/0/threaded
SECUNIA-45748
SECUNIA-48308
SECUNIA-49094
BID-49353
SECUNIA-57126
SREASON-8362
DSA-2401
HPSBOV02762
HPSBST02955
HPSBUX02860
MDVSA-2011:156
SSRT100627
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
oval:org.mitre.oval:def:14933
oval:org.mitre.oval:def:19465
tomcat-ajp-security-bypass(69472)

CPE    85
cpe:/a:apache:tomcat:6.0
cpe:/a:apache:tomcat:6.0.9
cpe:/a:apache:tomcat:6.0.8
cpe:/a:apache:tomcat:6.0.7
...
CWE    1
CWE-264
OVAL    12
oval:org.secpod.oval:def:700683
oval:org.secpod.oval:def:1000117
oval:org.secpod.oval:def:1503298
oval:org.secpod.oval:def:301131
...

© SecPod Technologies