github - ghsa-r7c8-hghc-2mp8

ghsa-r7c8-hghc-2mp8

Vulnerability from github

Published

2022-05-17 02:44

Modified

2024-02-21 21:35

Summary

Apache Tomcat Allows Replacing of XML Parser

Details

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-2481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-14T00:50:47Z",
    "nvd_published_at": "2011-08-15T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.  NOTE: this vulnerability exists because of a CVE-2009-0783 regression.",
  "id": "GHSA-r7c8-hghc-2mp8",
  "modified": "2024-02-21T21:35:06Z",
  "published": "2022-05-17T02:44:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2481"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51395"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1137753"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1138788"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-7.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Apache Tomcat Allows Replacing of XML Parser"
}

cve-2011-2481

Vulnerability from cvelistv5

Published

2011-08-15 21:00

Modified

2024-08-06 23:00

Severity

Summary

References

URL	Tags
http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1138788	x_refsource_CONFIRM
http://securitytracker.com/id?1025924	vdb-entry, x_refsource_SECTRACK
https://issues.apache.org/bugzilla/show_bug.cgi?id=51395	x_refsource_CONFIRM
http://secunia.com/advisories/57126	third-party-advisory, x_refsource_SECUNIA
http://svn.apache.org/viewvc?view=revision&revision=1137753	x_refsource_CONFIRM
http://www.securityfocus.com/bid/49147	vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=139344343412337&w=2	vendor-advisory, x_refsource_HP

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website