Privilege Escalation Affecting org.apache.tomcat:tomcat-catalina Open this link in a new tab package, versions [7.0.0,7.0.22)

Attack Complexity

Low
User Interaction

Required

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGAPACHETOMCAT-30895
published

10 Jun 2015
disclosed

11 Nov 2011
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 11 Nov 2011

CVE-2011-3376 Open this link in a new tab CWE-264 Open this link in a new tab

Overview

org.apache.tomcat:tomcat-catalina org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

Privilege Escalation Affecting org.apache.tomcat:tomcat-catalina Open this link in a new tab package, versions [7.0.0,7.0.22)

Attack Complexity

User Interaction

snyk-id

published

disclosed

credit

Introduced: 11 Nov 2011

Overview

References