Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2204

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2011-2204
Last Modified 16 Mar 2014 12:14:26
Published 29 Jun 2011 01:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2204

Summary

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Systems

Application

  • Apache Tomcat 5.5.0

  • Apache Tomcat 5.5.1

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.2

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 5.5.26

  • Apache Tomcat 5.5.27

  • Apache Tomcat 5.5.28

  • Apache Tomcat 5.5.29

  • Apache Tomcat 5.5.3

  • Apache Tomcat 5.5.30

  • Apache Tomcat 5.5.31

  • Apache Tomcat 5.5.32

  • Apache Tomcat 5.5.33

  • Apache Tomcat 5.5.4

  • Apache Tomcat 5.5.5

  • Apache Tomcat 5.5.6

  • Apache Tomcat 5.5.7

  • Apache Tomcat 5.5.8

  • Apache Tomcat 5.5.9

  • Apache Tomcat 6.0

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.16

  • Apache Tomcat 6.0.17

  • Apache Tomcat 6.0.18

  • Apache Tomcat 6.0.19

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.20

  • Apache Tomcat 6.0.24

  • Apache Tomcat 6.0.26

  • Apache Tomcat 6.0.27

  • Apache Tomcat 6.0.28

  • Apache Tomcat 6.0.29

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.30

  • Apache Tomcat 6.0.31

  • Apache Tomcat 6.0.32

  • Apache Tomcat 6.0.4

  • Apache Tomcat 6.0.5

  • Apache Tomcat 6.0.6

  • Apache Tomcat 6.0.7

  • Apache Tomcat 6.0.8

  • Apache Tomcat 6.0.9

  • Apache Tomcat 7.0.0

  • Apache Tomcat 7.0.1

  • Apache Tomcat 7.0.10

  • Apache Tomcat 7.0.11

  • Apache Tomcat 7.0.12

  • Apache Tomcat 7.0.14

  • Apache Tomcat 7.0.2

  • Apache Tomcat 7.0.3

  • Apache Tomcat 7.0.4

  • Apache Tomcat 7.0.5

  • Apache Tomcat 7.0.6

  • Apache Tomcat 7.0.7

  • Apache Tomcat 7.0.8

  • Apache Tomcat 7.0.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=717013

XF - tomcat-jmx-info-disclosure(68238)

BID - 48456

OSVDB - 73429

CONFIRM - http://tomcat.apache.org/security-7.html

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://tomcat.apache.org/security-5.html

SECTRACK - 1025712

SECUNIA - 44981

REDHAT - RHSA-2011:1845

MANDRIVA - MDVSA-2011:156

HP - HPSBUX02725

CONFIRM - http://support.apple.com/kb/HT5130

APPLE - APPLE-SA-2012-02-01-1

DEBIAN - DSA-2401

HP - SSRT100627

HP - SSRT101146

HP - HPSBUX02860

HP - HPSBST02955

SECUNIA - 57126

Related Patches

Apple 2012-02-01 Security Update 2012-001 v1.1 Server (Snow Leopard)

Apple 2012-02-01 Security Update 2012-001 v1.1 (Snow Leopard)

Red Hat 2011:1845-01 RHSA Moderate: tomcat5 security update for RHEL 5 x86

Red Hat 2011:1845-01 RHSA Moderate: tomcat5 security update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:58:04