Apache Tomcat Request Object Security Bypass Vulnerability (Win) Network Vulnerability

Summary

The host is running Apache Tomcat Server and is prone to security bypass vulnerability.

Impact

Successful exploitation could allows remote attackers to bypass intended access restrictions or gain sensitive information. Impact Level: Application.

Solution

Upgrade Apache Tomcat to 6.0.33, 7.0.22 or later, For updates refer to http://tomcat.apache.org/

Insight

The flaw is due to improper recycling of the request object before processing the next request when logging certain actions, allowing attackers to gain sensitive information like remote IP address and HTTP headers which is being carried forward to the next request.

Affected

Apache Tomcat 6.0.30 to 6.0.32 and 7.x to 7.0.21 on Windows.

References

http://seclists.org/fulldisclosure/2012/Jan/236
http://secunia.com/advisories/47554/
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
https://issues.apache.org/bugzilla/show_bug.cgi?id=51872

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3375

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

LiteSpeed Web Server Source Code Information Disclosure Vulnerability
Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
Check for bdir.htr files
Acritum Femitter Server URI Directory Traversal Vulnerability
Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)

Take action and discover your vulnerabilities