Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-j2j9-avuw-n3eq
Vulnerability ID VCID-j2j9-avuw-n3eq
Aliases CVE-2011-3376
Summary org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
epss 0.00299 https://api.first.org/data/v1/epss?cve=CVE-2011-3376
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3376
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3376.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3376
https://svn.apache.org/viewvc?view=rev&rev=1176588
752371 https://bugzilla.redhat.com/show_bug.cgi?id=752371
CVE-2011-3376 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3376
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.53175
EPSS Score 0.00299
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:15.438593+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-7.html 38.0.0