Description

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Remediation

References

CVE-2011-2204

Related Vulnerabilities

WordPress Plugin 10Web Map Builder for Google Maps Cross-Site Scripting (1.0.71)

MySQL CVE-2018-2759 Vulnerability (CVE-2018-2759)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3514)

Piwigo Improper Access Control Vulnerability (CVE-2016-10085)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1514)

Severity

Low

Classification

CVE-2011-2204 CWE-200

Tags

Missing Update Known Vulnerabilities