Apache Tomcat Manager Application Security Bypass Vulnerability
BID:50603
Info
Apache Tomcat Manager Application Security Bypass Vulnerability
| Bugtraq ID: | 50603 |
| Class: | Design Error |
| CVE: |
CVE-2011-3376 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2011 12:00AM |
| Updated: | May 23 2017 04:26PM |
| Credit: | Ate Douma |
| Vulnerable: |
Apache Tomcat 7.0.17 Apache Tomcat 7.0.16 Apache Tomcat 7.0.15 Apache Tomcat 7.0.14 Apache Tomcat 7.0.13 Apache Tomcat 7.0.12 Apache Tomcat 7.0.9 Apache Tomcat 7.0.8 Apache Tomcat 7.0.7 Apache Tomcat 7.0.6 Apache Tomcat 7.0.4 Apache Tomcat 7.0.3 Apache Tomcat 7.0.2 Apache Tomcat 7.0.1 Apache Tomcat 7.0 beta Apache Tomcat 7.0 Apache Tomcat 7.0.5 Apache Tomcat 7.0.21 Apache Tomcat 7.0.20 Apache Tomcat 7.0.19 Apache Tomcat 7.0.18 Apache Tomcat 7.0.17 Apache Tomcat 7.0.11 Apache Tomcat 7.0.10 |
| Not Vulnerable: |
Apache Tomcat 7.0.22 |
Discussion
Apache Tomcat Manager Application Security Bypass Vulnerability
Apache Tomcat is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.
This issue affects Apache Tomcat versions prior to 7.0.22.
Apache Tomcat is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.
This issue affects Apache Tomcat versions prior to 7.0.22.
Exploit / POC
Apache Tomcat Manager Application Security Bypass Vulnerability
An attacker needs to host a malicious web application on the affected webserver.
An attacker needs to host a malicious web application on the affected webserver.
Solution / Fix
Apache Tomcat Manager Application Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Apache Tomcat Manager Application Security Bypass Vulnerability
References:
References:
- Apache Tomcat Homepage (Apache)
- Low: Privilege Escalation CVE-2011-3376 (Apache)
- Security Updates (Apache)