Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2011-3190
Description:Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Test IDs: 1.3.6.1.4.1.25623.1.0.70475   1.3.6.1.4.1.25623.1.0.70531   1.3.6.1.4.1.25623.1.0.70534   1.3.6.1.4.1.25623.1.0.70536   1.3.6.1.4.1.25623.1.0.70718   1.3.6.1.4.1.25623.1.0.103242   1.3.6.1.4.1.25623.1.0.881445   1.3.6.1.4.1.25623.1.0.870651  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-3190
BugTraq ID: 49353
http://www.securityfocus.com/bid/49353
Bugtraq: 20110829 [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure (Google Search)
http://www.securityfocus.com/archive/1/519466/100/0/threaded
Debian Security Information: DSA-2401 (Google Search)
http://www.debian.org/security/2012/dsa-2401
HPdes Security Advisory: HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100627
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPdes Security Advisory: SSRT100825
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPdes Security Advisory: SSRT101146
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
http://www.securitytracker.com/id?1025993
http://secunia.com/advisories/45748
http://secunia.com/advisories/48308
http://secunia.com/advisories/49094
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/8362
XForce ISS Database: tomcat-ajp-security-bypass(69472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472




© 1998-2021 E-Soft Inc. All rights reserved.