Vulnerability details: VCID-mctd-9zgv-5qgp
Vulnerability ID VCID-mctd-9zgv-5qgp
Aliases CVE-2011-2204
GHSA-c57p-3v2g-w9rg
Summary Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (4)
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=132215163318824&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=133469267822771&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=136485229118404&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2011:1845
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2011-2204
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=717013
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-c57p-3v2g-w9rg
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat55/commit/8b81c8c869987e35deed04993ecfcf7be27ca298
generic_textual MODERATE https://github.com/apache/tomcat/commit/763a56b45999653ce648a18462b8a826809215b1
generic_textual MODERATE https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-2204
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
generic_textual MODERATE http://support.apple.com/kb/HT5130
generic_textual MODERATE https://web.archive.org/web/20110711083618/http://securitytracker.com/id?1025712
generic_textual MODERATE http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2401
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
https://access.redhat.com/errata/RHSA-2011:1845
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2204.json
https://api.first.org/data/v1/epss?cve=CVE-2011-2204
https://bugzilla.redhat.com/show_bug.cgi?id=717013
http://securitytracker.com/id?1025712
https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
https://github.com/apache/tomcat
https://github.com/apache/tomcat55/commit/8b81c8c869987e35deed04993ecfcf7be27ca298
https://github.com/apache/tomcat/commit/763a56b45999653ce648a18462b8a826809215b1
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
https://svn.apache.org/viewvc?view=rev&rev=1140070
https://svn.apache.org/viewvc?view=rev&rev=1140071
https://svn.apache.org/viewvc?view=rev&rev=1140072
http://support.apple.com/kb/HT5130
https://web.archive.org/web/20110711083618/http://securitytracker.com/id?1025712
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
http://www.redhat.com/support/errata/RHSA-2011-1845.html
CVE-2011-2204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
CVE-2011-2204 https://nvd.nist.gov/vuln/detail/CVE-2011-2204
GHSA-c57p-3v2g-w9rg https://github.com/advisories/GHSA-c57p-3v2g-w9rg
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
RHSA-2011:1780 https://access.redhat.com/errata/RHSA-2011:1780
RHSA-2012:0679 https://access.redhat.com/errata/RHSA-2012:0679
RHSA-2012:0680 https://access.redhat.com/errata/RHSA-2012:0680
RHSA-2012:0681 https://access.redhat.com/errata/RHSA-2012:0681
RHSA-2012:0682 https://access.redhat.com/errata/RHSA-2012:0682
USN-1252-1 https://usn.ubuntu.com/1252-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.27023
EPSS Score 0.00098
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:15.566418+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-7.html 38.0.0