Vulnerability details: VCID-cqws-wvr3-aaaf
Vulnerability ID VCID-cqws-wvr3-aaaf
Aliases CVE-2011-1088
GHSA-mg4v-rf8p-ghqq
Summary CVE-2011-1088 CVE-2011-1183 CVE-2011-1419 CVE-2011-1582 tomcat: various flaws due to not following ServletSecurity annotations
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual MODERATE http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E
generic_textual MODERATE http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E
generic_textual MODERATE http://markmail.org/message/lzx5273wsgl5pob6
generic_textual MODERATE http://markmail.org/message/yzmyn44f5aetmm2r
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2011-1088
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2011-1088
epss 0.10511 https://api.first.org/data/v1/epss?cve=CVE-2011-1088
epss 0.13605 https://api.first.org/data/v1/epss?cve=CVE-2011-1088
epss 0.13628 https://api.first.org/data/v1/epss?cve=CVE-2011-1088
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=708955
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088
generic_textual MODERATE http://secunia.com/advisories/43684
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/65971
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mg4v-rf8p-ghqq
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/02780bbc6089a12b19d3d5e5dc810455ac6bfe92
generic_textual MODERATE https://github.com/apache/tomcat/commit/0a5a19f0c3b8d199b7335da5f88e956f59926673
generic_textual MODERATE https://github.com/apache/tomcat/commit/0f95cb7401acdbfc9b65c878948b84bb496f2386
generic_textual MODERATE https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc
generic_textual MODERATE https://github.com/apache/tomcat/commit/13fe121edb6f2b597d2b82725f1b01296ac78ebd
generic_textual MODERATE https://github.com/apache/tomcat/commit/149af600532df6a24b1f7fc93607d764dfc9a7ea
generic_textual MODERATE https://github.com/apache/tomcat/commit/1b2d5e90d271ab087a36b556eb17519454170529
generic_textual MODERATE https://github.com/apache/tomcat/commit/2d7dbfe4c63a4242a9b28fdb662d91ceb7a84630
generic_textual MODERATE https://github.com/apache/tomcat/commit/3ac2b5c1611af51ee5438fd32a3254a2de1878ce
generic_textual MODERATE https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec
generic_textual MODERATE https://github.com/apache/tomcat/commit/5c8560f3054982abaa476d87ec031c439d58d66e
generic_textual MODERATE https://github.com/apache/tomcat/commit/63fd724e129b647b7d9026ae29513dd6b774b4b5
generic_textual MODERATE https://github.com/apache/tomcat/commit/880b1a4fc424625b56c8bcd9ebf6bfe966a1dadd
generic_textual MODERATE https://github.com/apache/tomcat/commit/9c90bdc1ad942374b1bb6b147613497970b3c8e1
generic_textual MODERATE https://github.com/apache/tomcat/commit/b1d1047a4c0a7754cabf57ac0303f92e4e77ef58
generic_textual MODERATE https://github.com/apache/tomcat/commit/dbac5e24759954daed3c584abb5d466fcf42dd4b
generic_textual MODERATE https://github.com/apache/tomcat/commit/dd10265436ea8b2fe35f1a8b09bc7390acbea269
generic_textual MODERATE https://github.com/apache/tomcat/commit/ece65c1a428094b1c6c17de3d7593f64e1bb1286
generic_textual MODERATE https://github.com/apache/tomcat/commit/ee627412570268df47a075f5d4dc5f7debf39fad
generic_textual MODERATE https://github.com/apache/tomcat/commit/f528992ec6cd7b62c9ced5b3a7dc4cda6bfd1a5e
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2011-1088
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1076586
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1076587
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1077995
cvssv3.1 9.8 http://tomcat.apache.org/security-7.html
generic_textual CRITICAL http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www.osvdb.org/71027
generic_textual MODERATE http://www.securityfocus.com/archive/1/517013/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/bid/46685
generic_textual MODERATE http://www.securitytracker.com/id?1025215
generic_textual MODERATE http://www.vupen.com/english/advisories/2011/0563
Reference id Reference type URL
http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E
http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E
http://markmail.org/message/lzx5273wsgl5pob6
http://markmail.org/message/yzmyn44f5aetmm2r
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1088.json
https://api.first.org/data/v1/epss?cve=CVE-2011-1088
http://secunia.com/advisories/43684
https://exchange.xforce.ibmcloud.com/vulnerabilities/65971
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/02780bbc6089a12b19d3d5e5dc810455ac6bfe92
https://github.com/apache/tomcat/commit/0a5a19f0c3b8d199b7335da5f88e956f59926673
https://github.com/apache/tomcat/commit/0f95cb7401acdbfc9b65c878948b84bb496f2386
https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc
https://github.com/apache/tomcat/commit/13fe121edb6f2b597d2b82725f1b01296ac78ebd
https://github.com/apache/tomcat/commit/149af600532df6a24b1f7fc93607d764dfc9a7ea
https://github.com/apache/tomcat/commit/1b2d5e90d271ab087a36b556eb17519454170529
https://github.com/apache/tomcat/commit/2d7dbfe4c63a4242a9b28fdb662d91ceb7a84630
https://github.com/apache/tomcat/commit/3ac2b5c1611af51ee5438fd32a3254a2de1878ce
https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec
https://github.com/apache/tomcat/commit/5c8560f3054982abaa476d87ec031c439d58d66e
https://github.com/apache/tomcat/commit/63fd724e129b647b7d9026ae29513dd6b774b4b5
https://github.com/apache/tomcat/commit/880b1a4fc424625b56c8bcd9ebf6bfe966a1dadd
https://github.com/apache/tomcat/commit/9c90bdc1ad942374b1bb6b147613497970b3c8e1
https://github.com/apache/tomcat/commit/b1d1047a4c0a7754cabf57ac0303f92e4e77ef58
https://github.com/apache/tomcat/commit/dbac5e24759954daed3c584abb5d466fcf42dd4b
https://github.com/apache/tomcat/commit/dd10265436ea8b2fe35f1a8b09bc7390acbea269
https://github.com/apache/tomcat/commit/ece65c1a428094b1c6c17de3d7593f64e1bb1286
https://github.com/apache/tomcat/commit/ee627412570268df47a075f5d4dc5f7debf39fad
https://github.com/apache/tomcat/commit/f528992ec6cd7b62c9ced5b3a7dc4cda6bfd1a5e
https://svn.apache.org/viewvc?view=rev&rev=1076586
https://svn.apache.org/viewvc?view=rev&rev=1076587
https://svn.apache.org/viewvc?view=rev&rev=1077995
https://svn.apache.org/viewvc?view=rev&rev=1079752
http://svn.apache.org/viewvc?view=revision&revision=1076586
http://svn.apache.org/viewvc?view=revision&revision=1076587
http://svn.apache.org/viewvc?view=revision&revision=1077995
http://tomcat.apache.org/security-7.html
http://www.osvdb.org/71027
http://www.securityfocus.com/archive/1/517013/100/0/threaded
http://www.securityfocus.com/bid/46685
http://www.securitytracker.com/id?1025215
http://www.vupen.com/english/advisories/2011/0563
708955 https://bugzilla.redhat.com/show_bug.cgi?id=708955
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2011-1088 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088
CVE-2011-1088 https://nvd.nist.gov/vuln/detail/CVE-2011-1088
GHSA-mg4v-rf8p-ghqq https://github.com/advisories/GHSA-mg4v-rf8p-ghqq
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1088

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-7.html

Exploit Prediction Scoring System (EPSS)
Percentile 0.57796
EPSS Score 0.00195
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.