Search for vulnerabilities
Vulnerability details: VCID-g536-cvsh-aaam
Vulnerability ID VCID-g536-cvsh-aaam
Aliases CVE-2011-2526
GHSA-9ggm-7897-x4mg
Summary Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-20 Improper Input Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual HIGH http://marc.info/?l=bugtraq&m=132215163318824&w=2
generic_textual HIGH http://marc.info/?l=bugtraq&m=133469267822771&w=2
cvssv3.1 4.2 http://marc.info/?l=bugtraq&m=136485229118404&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=136485229118404&w=2
cvssv3.1 7.5 http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0074.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0075.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0076.html
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1780
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0041
rhas Important https://access.redhat.com/errata/RHSA-2012:0074
rhas Important https://access.redhat.com/errata/RHSA-2012:0075
rhas Important https://access.redhat.com/errata/RHSA-2012:0076
rhas Important https://access.redhat.com/errata/RHSA-2012:0077
rhas Important https://access.redhat.com/errata/RHSA-2012:0078
rhas Important https://access.redhat.com/errata/RHSA-2012:0091
rhas Important https://access.redhat.com/errata/RHSA-2012:0325
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0679
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0680
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0681
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0682
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2011-2526
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=720948
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
generic_textual MODERATE http://secunia.com/advisories/57126
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9ggm-7897-x4mg
generic_textual MODERATE https://github.com/apache/tomcat55/commit/e67f6882118f2a8285e4e8acd050dad64a3ef3e4
generic_textual MODERATE https://github.com/apache/tomcat/commit/1d372c881eafd9ffe729996f8560fd5fe50cd39d
generic_textual MODERATE https://github.com/apache/tomcat/commit/2e69497fa7b1444632c6dadb64a4a82e18478ee6
generic_textual MODERATE https://github.com/apache/tomcat/commit/48dded4ab1209a030770ab67a789d3b2528b6329
generic_textual MODERATE https://github.com/apache/tomcat/commit/ff8789737a0a64c12d68929497f16d8021052048
cvssv3.1 4.2 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
cvssv2 4.4 https://nvd.nist.gov/vuln/detail/CVE-2011-2526
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1145383
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1145571
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1145694
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1146005
generic_textual MODERATE https://web.archive.org/web/20110717104325/http://www.securityfocus.com/bid/48667
generic_textual MODERATE https://web.archive.org/web/20111110135231/http://www.securityfocus.com/archive/1/518889/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20121025191346/http://secunia.com/advisories/45232
generic_textual MODERATE https://web.archive.org/web/20140802025928/http://secunia.com/advisories/48308
cvssv3.1 7.5 https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
generic_textual MODERATE https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
generic_textual MODERATE https://web.archive.org/web/20160101172212/http://rhn.redhat.com/errata/RHSA-2012-0078.html
generic_textual MODERATE https://web.archive.org/web/20160101172638/http://rhn.redhat.com/errata/RHSA-2012-0077.html
generic_textual MODERATE https://web.archive.org/web/20160101195415/http://rhn.redhat.com/errata/RHSA-2012-0325.html
generic_textual MODERATE https://web.archive.org/web/20161107143207/http://www.securitytracker.com/id?1025788
cvssv3.1 4.2 http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-5.html
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
cvssv3.1 9.8 http://tomcat.apache.org/security-7.html
generic_textual CRITICAL http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2401
generic_textual HIGH http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://osvdb.org/73797
http://osvdb.org/73798
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
http://rhn.redhat.com/errata/RHSA-2012-0077.html
http://rhn.redhat.com/errata/RHSA-2012-0078.html
http://rhn.redhat.com/errata/RHSA-2012-0325.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2526.json
https://api.first.org/data/v1/epss?cve=CVE-2011-2526
https://bugzilla.redhat.com/show_bug.cgi?id=720948
http://secunia.com/advisories/45232
http://secunia.com/advisories/48308
http://secunia.com/advisories/57126
https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
https://github.com/apache/tomcat55/commit/e67f6882118f2a8285e4e8acd050dad64a3ef3e4
https://github.com/apache/tomcat/commit/1d372c881eafd9ffe729996f8560fd5fe50cd39d
https://github.com/apache/tomcat/commit/2e69497fa7b1444632c6dadb64a4a82e18478ee6
https://github.com/apache/tomcat/commit/48dded4ab1209a030770ab67a789d3b2528b6329
https://github.com/apache/tomcat/commit/ff8789737a0a64c12d68929497f16d8021052048
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514
https://svn.apache.org/viewvc?view=rev&rev=1145383
https://svn.apache.org/viewvc?view=rev&rev=1145489
https://svn.apache.org/viewvc?view=rev&rev=1145571
https://svn.apache.org/viewvc?view=rev&rev=1145694
https://svn.apache.org/viewvc?view=rev&rev=1146005
https://svn.apache.org/viewvc?view=rev&rev=1146703
https://svn.apache.org/viewvc?view=rev&rev=1158244
http://svn.apache.org/viewvc?view=revision&revision=1145383
http://svn.apache.org/viewvc?view=revision&revision=1145571
http://svn.apache.org/viewvc?view=revision&revision=1145694
http://svn.apache.org/viewvc?view=revision&revision=1146005
https://web.archive.org/web/20110717104325/http://www.securityfocus.com/bid/48667
https://web.archive.org/web/20111110135231/http://www.securityfocus.com/archive/1/518889/100/0/threaded
https://web.archive.org/web/20121025191346/http://secunia.com/advisories/45232
https://web.archive.org/web/20140802025928/http://secunia.com/advisories/48308
https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
https://web.archive.org/web/20160101172212/http://rhn.redhat.com/errata/RHSA-2012-0078.html
https://web.archive.org/web/20160101172638/http://rhn.redhat.com/errata/RHSA-2012-0077.html
https://web.archive.org/web/20160101195415/http://rhn.redhat.com/errata/RHSA-2012-0325.html
https://web.archive.org/web/20161107143207/http://www.securitytracker.com/id?1025788
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
http://www.securityfocus.com/archive/1/518889/100/0/threaded
http://www.securityfocus.com/bid/48667
http://www.securitytracker.com/id?1025788
634992 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634992
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2011-2526 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
CVE-2011-2526 https://nvd.nist.gov/vuln/detail/CVE-2011-2526
GHSA-9ggm-7897-x4mg https://github.com/advisories/GHSA-9ggm-7897-x4mg
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
RHSA-2011:1780 https://access.redhat.com/errata/RHSA-2011:1780
RHSA-2012:0041 https://access.redhat.com/errata/RHSA-2012:0041
RHSA-2012:0074 https://access.redhat.com/errata/RHSA-2012:0074
RHSA-2012:0075 https://access.redhat.com/errata/RHSA-2012:0075
RHSA-2012:0076 https://access.redhat.com/errata/RHSA-2012:0076
RHSA-2012:0077 https://access.redhat.com/errata/RHSA-2012:0077
RHSA-2012:0078 https://access.redhat.com/errata/RHSA-2012:0078
RHSA-2012:0091 https://access.redhat.com/errata/RHSA-2012:0091
RHSA-2012:0325 https://access.redhat.com/errata/RHSA-2012:0325
RHSA-2012:0679 https://access.redhat.com/errata/RHSA-2012:0679
RHSA-2012:0680 https://access.redhat.com/errata/RHSA-2012:0680
RHSA-2012:0681 https://access.redhat.com/errata/RHSA-2012:0681
RHSA-2012:0682 https://access.redhat.com/errata/RHSA-2012:0682
USN-1252-1 https://usn.ubuntu.com/1252-1/
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://marc.info/?l=bugtraq&m=136485229118404&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://marc.info/?l=bugtraq&m=139344343412337&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-2526
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://web.archive.org/web/20151017023138/http://secunia.com/advisories/57126
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://tomcat.apache.org/security-5.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-7.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.18101
EPSS Score 0.00046
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.