Lucene search

K

RedhatCVELIST:CVE-2011-3190

HistoryAug 31, 2011 - 11:00 p.m.

CVE-2011-3190

2011-08-3123:00:00

redhat

www.cve.org

8

AI Score

4.6

Confidence

High

EPSS

0.012

Percentile

85.4%

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

References

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

secunia.com/advisories/45748

secunia.com/advisories/48308

secunia.com/advisories/49094

secunia.com/advisories/57126

securityreason.com/securityalert/8362

www.debian.org/security/2012/dsa-2401

www.mandriva.com/security/advisories?name=MDVSA-2011:156

www.securityfocus.com/archive/1/519466/100/0/threaded

www.securityfocus.com/bid/49353

www.securitytracker.com/id?1025993

exchange.xforce.ibmcloud.com/vulnerabilities/69472

issues.apache.org/bugzilla/show_bug.cgi?id=51698

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465

AI Score

4.6

Confidence

High

EPSS

0.012

Percentile

85.4%

Related for CVELIST:CVE-2011-3190

debiancve1 nessus26 prion1 securityvulns4 openvas27 github1 cve1 ubuntucve1 osv2 nvd1 tomcat3 fedora4 amazon1 ubuntu1 centos1 redhat5 oraclelinux1 ibm4 vmware2 debian1 gentoo1