QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2011-3190

Back to search

CVE-2011-3190

Published: Aug 31, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

VendorProductVersions

n/a

n/a

affected
n/a

References

45748
third-party-advisory
x_refsource_SECUNIA
tomcat-ajp-security-bypass(69472)
vdb-entry
x_refsource_XF
MDVSA-2011:156
vendor-advisory
x_refsource_MANDRIVA
DSA-2401
vendor-advisory
x_refsource_DEBIAN
1025993
vdb-entry
x_refsource_SECTRACK
48308
third-party-advisory
x_refsource_SECUNIA
49094
third-party-advisory
x_refsource_SECUNIA
HPSBUX02860
vendor-advisory
x_refsource_HP
49353
vdb-entry
x_refsource_BID
8362
third-party-advisory
x_refsource_SREASON
HPSBOV02762
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:19465
vdb-entry
signature
x_refsource_OVAL
SSRT100627
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:14933
vdb-entry
signature
x_refsource_OVAL
57126
third-party-advisory
x_refsource_SECUNIA
SSRT100825
vendor-advisory
x_refsource_HP
HPSBUX02725
vendor-advisory
x_refsource_HP
SSRT101146
vendor-advisory
x_refsource_HP
HPSBST02955
vendor-advisory
x_refsource_HP

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now