Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2011-2481
Last Modified 16 Mar 2014 12:14:56
Published 15 Aug 2011 05:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2481

Summary

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Vulnerable Systems

Application

  • Apache Tomcat 7.0.0

  • Apache Tomcat 7.0.1

  • Apache Tomcat 7.0.10

  • Apache Tomcat 7.0.11

  • Apache Tomcat 7.0.12

  • Apache Tomcat 7.0.13

  • Apache Tomcat 7.0.14

  • Apache Tomcat 7.0.2

  • Apache Tomcat 7.0.3

  • Apache Tomcat 7.0.4

  • Apache Tomcat 7.0.5

  • Apache Tomcat 7.0.6

  • Apache Tomcat 7.0.7

  • Apache Tomcat 7.0.8

  • Apache Tomcat 7.0.9


References

CONFIRM - http://tomcat.apache.org/security-7.html

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1138788

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1137753

CONFIRM - https://issues.apache.org/bugzilla/show_bug.cgi?id=51395

SECTRACK - 1025924

HP - HPSBST02955

SECUNIA - 57126


Last Updated: 27 May 2016 10:55:16