CVE-2011-3190
Apache Tomcat 5.5.0-5.5.33 6.0.0-6.0.33 7.0.0-7.0.20 - Unauthenticated Request Spoofing via AJP Protocol
Title source: llmDescription
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
References (22)
Core 22
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45748
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2401
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025993
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48308
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49094
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49353
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8362
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=133469267822771&w=2
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=132215163318824&w=2
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57126
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/519466/100/0/threaded
Exploit x_refsource_misc
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Scores
EPSS
0.1523
EPSS Percentile
96.4%
Details
CWE
CWE-264
Status
published
Products (49)
apache/tomcat
7.0.0 (2 CPE variants)
apache/tomcat
7.0.1
apache/tomcat
7.0.2
apache/tomcat
7.0.3
apache/tomcat
7.0.4
apache/tomcat
7.0.5
apache/tomcat
7.0.6
apache/tomcat
7.0.7
apache/tomcat
7.0.8
apache/tomcat
7.0.9
... and 39 more
Published
Aug 31, 2011
Tracked Since
Feb 18, 2026