CVE-2011-3190
published 2011-08-31CVE-2011-3190: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions…
PriorityP348high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
15.23%
96.3th percentile
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Affected
89 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
ghsa·2022-05-14
CVE-2011-3190 [HIGH] CWE-287 Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
OSV
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
osv·2022-05-14
CVE-2011-3190 [HIGH] Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
VMware
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
vendor_vmware·2012-03-15·CVSS 7.2
CVE-2010-0405 [HIGH] VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
VMSA-2012-0005: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting theses issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 do
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu·2011-11-08·CVSS 5.0
CVE-2011-3190 [MEDIUM] Tomcat vulnerabilities
Title: Tomcat vulnerabilities
Summary: Tomcat could be made to crash or expose sensitive information over the
network.
It was discovered that Tomcat incorrectly implemented HTTP DIGEST
authentication. An attacker could use this flaw to perform a variety of
authentication attacks. (CVE-2011-1184)
Polina Genova discovered that Tomcat incorrectly created log entries with
passwords when encountering errors during JMX user creation. A local
attacker could possibly use this flaw to obtain sensitive information. This
issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)
It was discovered that Tomcat incorrectly validated certain request
attributes when sendfile is enabled. A local attacker could bypass intended
restrictions, or cause the JVM to crash, resulting in a denial of
Red Hat
tomcat: authentication bypass and information disclosure
vendor_redhat·2011-08-20·CVSS 7.5
CVE-2011-3190 [HIGH] tomcat: authentication bypass and information disclosure
tomcat: authentication bypass and information disclosure
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Package: tomcat5 (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-all]
bugzilla·2011-09-15·CVSS 7.5
CVE-2011-3190 [HIGH] CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-all]
CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=734868
Please note: this issue affects
Bugzilla
CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-16]
bugzilla·2011-09-15·CVSS 7.5
CVE-2011-3190 [HIGH] CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-16]
CVE-2011-3190 tomcat: authentication bypass and information disclosure [fedora-16]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=734868
Please note: this issue affects
Bugzilla
CVE-2011-3190 tomcat: authentication bypass and information disclosure
bugzilla·2011-08-31·CVSS 7.5
CVE-2011-3190 [HIGH] CVE-2011-3190 tomcat: authentication bypass and information disclosure
CVE-2011-3190 tomcat: authentication bypass and information disclosure
It was reported that Apache Tomcat was vulnerable to an authentication bypass and information disclosure flaw.
Apache Tomcat supports the AJP protocol which is used with reverse proxies to pass requests and associated data about the request from the reverse proxy to Tomcat. The AJP protocol is designed so that when a request includes a request body, an unsolicited AJP message is sent to Tomcat that includes the first part (or possibly all) of the request body. In certain circumstances, Tomcat did not process this message as a request body but as a new request. This permitted an attacker to have full control over the AJP message permitting authentication bypass and information disclosure. This vulnerability only occurs
arXiv
Detection of Configuration Vulnerabilities in Distributed (Web) Environments
arxiv_fulltext·2012-07-12
Detection of Configuration Vulnerabilities in Distributed (Web) Environments
Detection of Configuration Vulnerabilities in Distributed (Web) Environments This work was partially
supported by the FP7-ICT-2009.1.4 Project PoSecCo (no. 257129,
.posecco.eu)
Detection of configuration vulnerabilities
Matteo Maria Casalino Michele Mangili Henrik Plate Serena
Elisa Ponta
SAP Research Sophia-Antipolis, 805 Avenue Dr M. Donat,
06250 Mougins, France matteo.maria.casalino,
henrik.plate, [email protected]
M. M. Casalino M. Mangili H. Plate S. E. Ponta
## Abstract
Many tools and libraries are readily available to build and operate
distributed Web applications. While the setup of operational
environments is comparatively easy, practice shows that their
continuous secure operation is more difficult to achieve, many times
resulting in vulnerable systems exposed to the Int
http://marc.info/?l=bugtraq&m=132215163318824&w=2http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://secunia.com/advisories/45748http://secunia.com/advisories/48308http://secunia.com/advisories/49094http://secunia.com/advisories/57126http://securityreason.com/securityalert/8362http://www.debian.org/security/2012/dsa-2401http://www.mandriva.com/security/advisories?name=MDVSA-2011:156http://www.securityfocus.com/archive/1/519466/100/0/threadedhttp://www.securityfocus.com/bid/49353http://www.securitytracker.com/id?1025993https://exchange.xforce.ibmcloud.com/vulnerabilities/69472https://issues.apache.org/bugzilla/show_bug.cgi?id=51698https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465http://marc.info/?l=bugtraq&m=132215163318824&w=2http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://secunia.com/advisories/45748http://secunia.com/advisories/48308http://secunia.com/advisories/49094http://secunia.com/advisories/57126http://securityreason.com/securityalert/8362http://www.debian.org/security/2012/dsa-2401http://www.mandriva.com/security/advisories?name=MDVSA-2011:156http://www.securityfocus.com/archive/1/519466/100/0/threadedhttp://www.securityfocus.com/bid/49353http://www.securitytracker.com/id?1025993https://exchange.xforce.ibmcloud.com/vulnerabilities/69472https://issues.apache.org/bugzilla/show_bug.cgi?id=51698https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
2011-08-31
Published