Summary
Apache Tomcat is prone to a remote information-disclosure vulnerability.
Remote attackers can exploit this issue to obtain sensitive information that will aid in further attacks. Attackers may also crash the JVM.
The following versions are affected:
- Tomcat 5.5.0 through 5.5.33
- Tomcat 6.0.0 through 6.0.32
- Tomcat 7.0.0 through 7.0.18
Solution
Updates are available. Please see the references for more information.
References
- http://support.avaya.com/css/P8/documents/100147767
- http://tomcat.apache.org/
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://www.ibm.com/support/docview.wss?uid=swg21507512
- http://www.securityfocus.com/bid/48667
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-2526
- CVSS Base Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Apache Web Server ETag Header Information Disclosure Weakness
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache ActiveMQ Multiple Vulnerabilities
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure