Vulnerability Description
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 7.0.0 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=132215163318824&w=2
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/45748Vendor Advisory
- http://secunia.com/advisories/48308
- http://secunia.com/advisories/49094
- http://secunia.com/advisories/57126
- http://securityreason.com/securityalert/8362
- http://www.debian.org/security/2012/dsa-2401
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
- http://www.securityfocus.com/archive/1/519466/100/0/threaded
- http://www.securityfocus.com/bid/49353
- http://www.securitytracker.com/id?1025993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
FAQ
What is CVE-2011-3190?
CVE-2011-3190 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP reques...
How severe is CVE-2011-3190?
CVE-2011-3190 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3190?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.