cve-2011-2481
Vulnerability from cvelistv5
Published
2011-08-15 21:00
Modified
2024-08-06 23:00
Severity
Summary
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1138788"
},
{
"name": "1025924",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025924"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51395"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57126"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1137753"
},
{
"name": "49147",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49147"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1138788"
},
{
"name": "1025924",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025924"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51395"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57126"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1137753"
},
{
"name": "49147",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49147"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2481",
"datePublished": "2011-08-15T21:00:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2011-2481\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-08-15T21:55:01.910\",\"lastModified\":\"2023-11-07T02:07:41.860\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat v7.0.x anterior a v7.0.17 permite a aplicaciones web reemplazar un parseador XML usado por otras aplicaciones web, lo que permite a usuarios locales leer o modificar (1) web.xml, (2) context.xml, o (3) ficheros tld de aplicaciones de su elecci\u00f3n a trav\u00e9s de una aplicaci\u00f3n manipulada cargada anteriormente de la aplicaci\u00f3n objetivo. NOTA: esta vulnerabilidad existe debido a un regresi\u00f3n de CVE-2009-0783\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.6},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7205475A-6D04-4042-B24E-1DA5A57029B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756BF9B-3E24-4677-87AE-31CE776541F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F194580-EE6D-4E38-87F3-F0661262256B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05346F5A-FB52-4376-AAC7-9A5308216545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1025924\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1137753\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1138788\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/49147\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=51395\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]}]}}"
}
}
Loading...