PT-2011-4414 · Apache · Apache Tomcat
Ate Douma
·
Published
2011-10-01
·
Updated
2017-05-23
·
CVE-2011-3376
CVSS v2.0
4.4
Medium
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat 7.0.0 through 7.0.21 (the 7.0.x releases prior to 7.0.22)
Description
An untrusted web application deployed on a Tomcat instance can reach the Manager application's functionality, which should be available only to the Manager's own authenticated users, and thereby gain the Manager's privileges: it can list the web applications running on the server and deploy additional ones. Because a deployed web application runs inside the Tomcat JVM with the permissions of the Tomcat process, the ability to deploy amounts to code execution as the Tomcat user, which is why the issue is classed as a privilege escalation. The attacker is a local user in the CVSS sense: someone who can get a web application deployed on the instance. The issue therefore only affects environments that run untrusted web applications alongside the Manager application, such as shared hosting environments.
Recommendations
Upgrade to Apache Tomcat 7.0.22 or later; releases 7.0.0 through 7.0.21 are affected. Until the upgrade is done, the practical workaround on instances that host untrusted web applications is not to deploy the Manager application on them at all (remove the manager web application, or keep it only on instances whose web applications are all trusted). Restricting who can reach the Manager's URLs from the network does not address the issue, because the access path is from a web application inside the same instance, not from a remote client.
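As an added example, not part of the original advisory and not Tomcat project code, the following Python check tells whether a host falls into the affected range with the Manager application present. It reads the version from Tomcat's own `org.apache.catalina.util.ServerInfo` report (the class `version.sh` runs) and looks for the Manager application on disk. It assumes the standard layout: `CATALINA_HOME/lib/catalina.jar`, `CATALINA_BASE/webapps/manager`, and the default `Catalina` engine and `localhost` host names for a context descriptor; the embedded ServerInfo sample text is constructed for the example.

```python
"""Check a Tomcat installation against the CVE-2011-3376 affected range.

Added example, not code from the original advisory or from the Tomcat project.
Assumes the standard Tomcat layout: CATALINA_HOME/lib/catalina.jar for the
version report and CATALINA_BASE/webapps/manager (or a context descriptor under
conf/Catalina/localhost/manager.xml, the default engine and host names) for
the Manager application.
"""
import re
import subprocess
import sys
from pathlib import Path
from typing import Optional, Tuple

# 7.0.22 fixed the issue; everything in the 7.0.x line below it is affected.
FIXED_VERSION = (7, 0, 22)

# Constructed sample of the report printed by
#   java -cp "$CATALINA_HOME/lib/catalina.jar" org.apache.catalina.util.ServerInfo
# (the build line is a placeholder, not a real build stamp).
SAMPLE_SERVERINFO = """\
Server version: Apache Tomcat/7.0.21
Server built:   (placeholder)
Server number:  7.0.21.0
OS Name:        Linux
"""


def parse_server_number(serverinfo_output: str) -> Optional[Tuple[int, ...]]:
    """Return the 'Server number:' value as an int tuple, e.g. 7.0.21.0 -> (7, 0, 21, 0)."""
    match = re.search(r"^Server number:\s*([\d.]+)", serverinfo_output, re.MULTILINE)
    if not match:
        return None
    parts = [p for p in match.group(1).split(".") if p]
    return tuple(int(p) for p in parts)


def is_affected_version(version: Tuple[int, ...]) -> bool:
    """True only for 7.0.0 - 7.0.21. Other lines (6.0.x, 8.x, ...) are out of scope."""
    if len(version) < 3 or version[:2] != (7, 0):
        return False
    return version[:3] < FIXED_VERSION


def manager_app_deployed(catalina_base: Path) -> bool:
    """Exposure needs the Manager application on this instance: the default
    webapps/manager directory, or a context descriptor for the default host."""
    return (
        (catalina_base / "webapps" / "manager").is_dir()
        or (catalina_base / "conf" / "Catalina" / "localhost" / "manager.xml").is_file()
    )


def run_serverinfo(catalina_home: Path) -> str:
    """Ask the installed Tomcat for its version report (needs java on PATH)."""
    jar = catalina_home / "lib" / "catalina.jar"
    result = subprocess.run(
        ["java", "-cp", str(jar), "org.apache.catalina.util.ServerInfo"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


def assess(serverinfo_output: str, manager_deployed: bool) -> str:
    """Combine the two checks into a verdict. Whether untrusted web applications
    run on the instance is a judgement the operator still has to make."""
    version = parse_server_number(serverinfo_output)
    if version is None:
        return "unknown: no 'Server number:' line in the ServerInfo output"
    label = ".".join(str(p) for p in version)
    if not is_affected_version(version):
        return f"not affected: Tomcat {label} is outside the 7.0.0-7.0.21 range"
    if not manager_deployed:
        return f"affected version {label}, but no Manager application is deployed; upgrade anyway"
    return f"VULNERABLE: Tomcat {label} with the Manager application deployed; upgrade to 7.0.22 or later"


if __name__ == "__main__":
    # Usage: python check_cve_2011_3376.py CATALINA_HOME [CATALINA_BASE]
    # With no arguments the constructed sample is assessed instead of a live host.
    home = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    if home is None:
        print(assess(SAMPLE_SERVERINFO, manager_deployed=True))
    else:
        base = Path(sys.argv[2]) if len(sys.argv) > 2 else home
        print(assess(run_serverinfo(home), manager_app_deployed(base)))
```

The version test is deliberately narrow: a 6.0.x or 8.x host is reported as not affected by this CVE rather than lumped in by a plain "less than 7.0.22" comparison, and a host where the Manager application is absent is still told to upgrade, since removing the Manager is only the workaround.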
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Apache Tomcat