CVE-2011-3190

Apache Tomcat 5.5.0-5.5.33 6.0.0-6.0.33 7.0.0-7.0.20 - Unauthenticated Request Spoofing via AJP Protocol

Title source: llm
STIX 2.1

Description

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

References (22)

Core 22
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45748
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2401
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025993
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48308
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49094
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49353
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8362
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133469267822771&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=132215163318824&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57126
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/519466/100/0/threaded
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139344343412337&w=2

Scores

EPSS 0.1523
EPSS Percentile 96.4%

Details

CWE
CWE-264
Status published
Products (49)
apache/tomcat 7.0.0 (2 CPE variants)
apache/tomcat 7.0.1
apache/tomcat 7.0.2
apache/tomcat 7.0.3
apache/tomcat 7.0.4
apache/tomcat 7.0.5
apache/tomcat 7.0.6
apache/tomcat 7.0.7
apache/tomcat 7.0.8
apache/tomcat 7.0.9
... and 39 more
Published Aug 31, 2011
Tracked Since Feb 18, 2026