exploitDog

CVE-2011-3376

Опубликовано: 01 окт. 2011

Источник: redhat

CVSS2: 6.4

Описание

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

Отчет

Not affected. This flaw did not affect any version of Tomcat shipped in Red Hat products. This flaw only affected Tomcat versions 7.0.0 - 7.0.21.

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2011-3376

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=752371tomcat: Privilege escalation via the Manager application

6.4 Medium

CVSS2

Связанные уязвимости

CVE-2011-3376

ubuntu

больше 13 лет назад

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVE-2011-3376

nvd

больше 13 лет назад

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CVE-2011-3376

debian

больше 13 лет назад

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...

GHSA-cw29-r48c-h5f9

github

около 3 лет назад

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

6.4 Medium

CVSS2