Vulnerability Description
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 7.0.0 |
References
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/57126
- http://securitytracker.com/id?1025924
- http://svn.apache.org/viewvc?view=revision&revision=1137753 (Patch)
- http://svn.apache.org/viewvc?view=revision&revision=1138788 (Patch)
- http://tomcat.apache.org/security-7.html (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/49147
- https://issues.apache.org/bugzilla/show_bug.cgi?id=51395 (Exploit)
FAQ
What is CVE-2011-2481?
CVE-2011-2481 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3)...
How severe is CVE-2011-2481?
CVE-2011-2481 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-2481?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.