WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2011-3376 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

Description

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

Remediation

References

http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?r1=1176588&r2=1176587&pathrev=1176588

http://svn.apache.org/viewvc?view=revision&revision=1176588

http://tomcat.apache.org/security-7.html

http://www.securityfocus.com/bid/50603

Related Vulnerabilities

CVE-2021-23348 Vulnerability in npm package portprocesses

CVE-2014-0193 Vulnerability in maven package org.onosproject:onlab-stc

CVE-2023-33937 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.form.web

CVE-2017-5662 Vulnerability in maven package org.eclipse.birt.runtime.3_7_1:org.apache.batik.dom

CVE-2021-32620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

Severity

Critical

Classification

CWE-264

Tags

Patch Vendor Advisory