Description

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Remediation

References

CVE-2011-3190

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-3307)

WordPress Plugin WordPress for Google Maps-WP MAPS SQL Injection (4.0.4)

Oracle Database Server CVE-2008-0345 Vulnerability (CVE-2008-0345)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-8793)

Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3)

Severity

High

Classification

CVE-2011-3190 CWE-264

Tags

Missing Update Known Vulnerabilities