Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27297
HistoryNov 11, 2011 - 12:00 a.m.

[SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app

2011-11-1100:00:00
vulners.com
36
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:

    • Tomcat 7.0.0 to 7.0.21

Description:
This issue only affects environments running web applications that are
not trusted (e.g. shared hosting environments). The Servlets that
implement the functionality of the Manager application that ships with
Apache Tomcat should only be available to Contexts (web applications)
that are marked as privileged. However, this check was not being made.
This allowed an untrusted web application to use the functionality of
the Manager application. This could be used to obtain information on
running web applications as well as deploying additional web applications.

Mitigation:
Users of Tomcat 7.0.x should upgrade to 7.0.22 or later

Credit:
This issue was identified by Ate Douma

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOuWxPAAoJEBDAHFovYFnng3oP/jkYsplqxz9hjWi6uztQK3Gv
BlS1IlbyqW5HW8rqr/pyfLWDDiJZUc+FmWRbyT96r/V4z0w4oGglGi289owLr1Lx
bsGlauWQhZh7k5nWKboMVEk6CjGOXVQ9zMJJwhEkrXn6/HNV5O65F/0nnLoHgStM
DNyKKpYDtc6XCI7+Pcutv3fqkk9niF3KSF3rePKlpUstVbuLx9HlX+0fbj7+X4w/
PyE5R9tVfr3Toiwn546QQR73VkOSmAGt0IEE9P06oY50ruW3/Z6wJjVHrlJUsoQ3
txupoC+FCZ5ph8DfoeVzav6Y3W9dImXz6rzxm3YnUKCDZuWnGVNzDE4IUyKdRM5t
W/Smquaat8VxsxMbU34bSJHYA1m2nos4qPrQvJl2w0wKWrPFRnu4f8RImvg1BIPH
gZ17raqPjdoBuE3H4ivgF0DSasVdYM/Ge977B+6nD9jzwE6FEFAFCCRpbYvD/6SA
//QbqSlcULb6CKZ6D/rNbLSQ3e0QD6GYaz3HjJcCtJkqo2FoLGY88AxtoF4es5SB
thYJf7r51J9W8g7nvw+b7Y0+eG3IczsBA0spIoyzIKr1RxSEFE2220idPdotpjAf
aticEwF9U5przWmwNab7lKUd91bo32ZVtvIprPGL/NfHrL3KC891gjYqkQtrcJC5
SkiQ74ix/uGZTB6HHCWm
=wak3
-----END PGP SIGNATURE-----

Related

debiancve 1
seebug 1
ubuntucve 1
securityvulns 1
prion 1
cve 1
tomcat 1
nessus 3
debiancve
debiancve
CVE-2011-3376
2011-11-11 21:55:00
seebug
seebug
Apache Tomcat管理应用程序安全限制绕过漏洞
2011-11-10 00:00:00
ubuntucve
ubuntucve
CVE-2011-3376
2011-11-11 00:00:00
securityvulns
securityvulns
Apache Tomcat privilege escalation
2011-11-11 00:00:00
prion
prion
Code injection
2011-11-11 21:55:00
cve
cve
CVE-2011-3376
2011-11-11 21:55:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.22
2011-10-01 00:00:00
nessus
nessus
Apache Tomcat 7.0.x < 7.0.22 Multiple Vulnerabilities
2012-02-22 00:00:00
Apache Tomcat 7.0.x < 7.0.22 Multiple Vulnerabilities
2012-02-22 00:00:00
Apache Tomcat 7.x < 7.0.22 Multiple Vulnerabilities
2011-12-12 00:00:00
JSON
Related for SECURITYVULNS:DOC:27297
debiancve1seebug1ubuntucve1securityvulns1prion1cve1tomcat1nessus3