PT-2011-4414 · Apache · Apache Tomcat

Ate Douma · Published 2011-10-01 · Updated 2017-05-23 · CVE-2011-3376

CVSS v2.0: 4.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions prior to 7.0.22

Description

The issue allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. This only affects environments running untrusted web applications, such as shared hosting environments. The vulnerability enables an untrusted web application to use the Manager application's functionality, potentially allowing it to obtain information on running web applications and deploy additional web applications.

Recommendations

For Apache Tomcat versions prior to 7.0.22, update to version 7.0.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manager application's functionality to only trusted web applications.

Fix

Weakness Enumeration

Related identifiers

CVE-2011-3376

Affected products

Apache Tomcat