CVE-2011-3190

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Published date
2011-08-31T23:55Z
Last modification date
2019-03-25T11:33Z
Assigner
secalert@redhat.com
Problem type
CWE-264
NameURLSourceTags
49353http://www.securityfocus.com/bid/49353BID
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698https://issues.apache.org/bugzilla/show_bug.cgi?id=51698MISCExploit
45748http://secunia.com/advisories/45748SECUNIAVendor Advisory
1025993http://www.securitytracker.com/id?1025993SECTRACK
8362http://securityreason.com/securityalert/8362SREASON
MDVSA-2011:156http://www.mandriva.com/security/advisories?name=MDVSA-2011:156MANDRIVA
DSA-2401http://www.debian.org/security/2012/dsa-2401DEBIAN
49094http://secunia.com/advisories/49094SECUNIA
SSRT100627http://marc.info/?l=bugtraq&m=132215163318824&w=2HP
HPSBUX02860http://marc.info/?l=bugtraq&m=136485229118404&w=2HP
HPSBST02955http://marc.info/?l=bugtraq&m=139344343412337&w=2HP
57126http://secunia.com/advisories/57126SECUNIA
HPSBOV02762http://marc.info/?l=bugtraq&m=133469267822771&w=2HP
tomcat-ajp-security-bypass(69472)https://exchange.xforce.ibmcloud.com/vulnerabilities/69472XF
oval:org.mitre.oval:def:19465https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465OVAL
oval:org.mitre.oval:def:14933https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933OVAL
48308http://secunia.com/advisories/48308SECUNIA
20110829 [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosurehttp://www.securityfocus.com/archive/1/519466/100/0/threadedBUGTRAQ
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3EMLIST
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3EMLIST
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3EMLIST
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3EMLIST