Description

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

Remediation

References

CVE-2011-3376

Related Vulnerabilities

WordPress Plugin Blue Admin Cross-Site Request Forgery (21.06.01)

Python Divide By Zero Vulnerability (CVE-2017-18207)

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Cross-Site Scripting (4.27.2)

WordPress Plugin Gravity Forms Cross-Site Scripting (1.9.5)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-7065)

Severity

Medium

Classification

CVE-2011-3376 CWE-264

Tags

Missing Update Known Vulnerabilities