CVE-2011-2481

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 7.0.0 through 7.0.16

Description The issue allows local users to read or modify the web.xml, context.xml, or tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. This occurs because of a regression of a previously reported issue, which was re-introduced during the re-factoring of XML validation for Tomcat 7.0.x. If a web application is the first to be loaded, it may potentially view and/or alter the files of other web applications deployed on the Tomcat instance.

Recommendations For Apache Tomcat versions 7.0.0 through 7.0.16, update to version 7.0.17 or later to resolve the issue.