CVE Vulnerabilities

CVE-2011-3376

Published: Nov 11, 2011 | Modified: May 23, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
6.4 MODERATE
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
LOW

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager applications functionality.

Affected Software

Name Vendor Start Version End Version
Tomcat Apache 7.0.0 (including) 7.0.0 (including)
Tomcat Apache 7.0.0-beta (including) 7.0.0-beta (including)
Tomcat Apache 7.0.1 (including) 7.0.1 (including)
Tomcat Apache 7.0.2 (including) 7.0.2 (including)
Tomcat Apache 7.0.3 (including) 7.0.3 (including)
Tomcat Apache 7.0.4 (including) 7.0.4 (including)
Tomcat Apache 7.0.5 (including) 7.0.5 (including)
Tomcat Apache 7.0.6 (including) 7.0.6 (including)
Tomcat Apache 7.0.7 (including) 7.0.7 (including)
Tomcat Apache 7.0.8 (including) 7.0.8 (including)
Tomcat Apache 7.0.9 (including) 7.0.9 (including)
Tomcat Apache 7.0.10 (including) 7.0.10 (including)
Tomcat Apache 7.0.11 (including) 7.0.11 (including)
Tomcat Apache 7.0.12 (including) 7.0.12 (including)
Tomcat Apache 7.0.13 (including) 7.0.13 (including)
Tomcat Apache 7.0.14 (including) 7.0.14 (including)
Tomcat Apache 7.0.15 (including) 7.0.15 (including)
Tomcat Apache 7.0.16 (including) 7.0.16 (including)
Tomcat Apache 7.0.17 (including) 7.0.17 (including)
Tomcat Apache 7.0.18 (including) 7.0.18 (including)
Tomcat Apache 7.0.19 (including) 7.0.19 (including)
Tomcat Apache 7.0.20 (including) 7.0.20 (including)
Tomcat Apache 7.0.21 (including) 7.0.21 (including)
Tomcat7 Ubuntu oneiric *
Tomcat7 Ubuntu upstream *

References