Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

OSVersionArchitecturePackageVersionFilename
Debian9alltomcat7< 7.0.75-1tomcat7_7.0.75-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	tomcat7	< 7.0.75-1	tomcat7_7.0.75-1_all.deb

cve 1

ubuntucve 1

cvelist 1

prion 1

openvas 35

nvd 1

github 1

osv 2

nessus 30

fedora 4

amazon 1

ubuntu 1

tomcat 3

oraclelinux 3

redhat 6

centos 2

ibm 2

debian 1

gentoo 1

securityvulns 2

cve

CVE-2011-2204

2011-06-29 17:55:04

ubuntucve

CVE-2011-2204

2011-06-29 00:00:00

cvelist

CVE-2011-2204

2011-06-29 17:00:00

prion

Design/Logic Flaw

2011-06-29 17:55:00

openvas

Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability

2011-09-08 00:00:00

Fedora Update for tomcat6 FEDORA-2011-13426

2012-04-02 00:00:00

Fedora Update for tomcat6 FEDORA-2011-13426

2012-04-02 00:00:00

nvd

CVE-2011-2204

2011-06-29 17:55:04

github

Insertion of Sensitive Information into Log File in Apache Tomcat

2022-05-14 01:17:03

osv

Insertion of Sensitive Information into Log File in Apache Tomcat

2022-05-14 01:17:03

tomcat6 - several

2012-02-02 00:00:00

nessus

SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7688)

2011-09-01 00:00:00

Apache Tomcat 7.0.x < 7.0.19 Multiple Vulnerabilities

2011-08-01 00:00:00

openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0988-1)

2014-06-13 00:00:00

fedora

[SECURITY] Fedora 16 Update: tomcat6-6.0.32-17.fc16

2011-10-19 04:35:58

[SECURITY] Fedora 15 Update: tomcat6-6.0.32-8.fc15

2011-10-20 09:58:03

[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15

2011-11-10 17:33:27

amazon

Important: tomcat6

2011-12-02 22:21:00

ubuntu

Tomcat vulnerabilities

2011-11-08 00:00:00

tomcat

Fixed in Apache Tomcat 7.0.19

2011-07-19 00:00:00

Fixed in Apache Tomcat 6.0.33

2011-08-18 00:00:00

Fixed in Apache Tomcat 5.5.34

2011-09-22 00:00:00

oraclelinux

tomcat5 security update

2012-04-11 00:00:00

tomcat5 security update

2011-12-20 00:00:00

tomcat6 security and bug fix update

2011-12-05 00:00:00

redhat

(RHSA-2011:1845) Moderate: tomcat5 security update

2011-12-20 00:00:00

(RHSA-2011:1780) Moderate: tomcat6 security and bug fix update

2011-12-05 00:00:00

(RHSA-2012:0679) Moderate: tomcat5 security and bug fix update

2012-05-21 16:19:01

centos

tomcat6 security update

2011-12-22 16:00:12

tomcat5 security update

2011-12-20 19:18:57

ibm

Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

debian

[SECURITY] [DSA 2401-1] tomcat6 security update

2012-02-02 19:29:50

gentoo

Apache Tomcat: Multiple vulnerabilities

2012-06-24 00:00:00

securityvulns

Apple OS X multiple security vulnerabilities

2012-02-03 00:00:00

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

2012-02-03 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for DEBIANCVE:CVE-2011-2204