Access Restriction Bypass Affecting org.apache.tomcat:tomcat-coyote Open this link in a new tab package, versions [7.0.0,7.0.20]


0.0
high
  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHETOMCAT-30924

  • published

    10 Jun 2015

  • disclosed

    31 Aug 2011

  • credit

    Unknown

Overview

org.apache.tomcat:tomcat-coyote Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

References