Summary
The host is running Apache Tomcat Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to bypass intended access restrictions or gain sensitive information.
Impact Level: Application.
Solution
Upgrade Apache Tomcat to 6.0.33, 7.0.22 or later.
For updates refer to http://tomcat.apache.org/
Insight
The flaw is due to improper recycling of the request object before the next request is processed when certain actions are logged, allowing attackers to obtain sensitive information, such as the remote IP address and HTTP headers, that is carried forward from one request to the next.
Affected
Apache Tomcat 6.0.30 to 6.0.32 and 7.x to 7.0.21 on Windows.
References
Severity
Classification
CVE: CVE-2011-3375
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Lil' HTTP Server Cross Site Scripting Vulnerability
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- Ecava IntegraXor Account Information Disclosure Vulnerability
- Acritum Femitter Server URI Directory Traversal Vulnerability
- Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)