Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References