CVE-2011-3376

Apache Tomcat <7.0.22 - Privilege Escalation

Title source: llm
STIX 2.1

Description

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

References (4)

Core 4

Scores

EPSS 0.0064
EPSS Percentile 46.6%

Details

CWE
CWE-264
Status published
Products (22)
apache/tomcat 7.0.0 (2 CPE variants)
apache/tomcat 7.0.1
apache/tomcat 7.0.2
apache/tomcat 7.0.3
apache/tomcat 7.0.4
apache/tomcat 7.0.5
apache/tomcat 7.0.6
apache/tomcat 7.0.7
apache/tomcat 7.0.8
apache/tomcat 7.0.9
... and 12 more
Published Nov 11, 2011
Tracked Since Feb 18, 2026