Vulnerability details: VCID-me4d-ruah-aaam
Vulnerability ID VCID-me4d-ruah-aaam
Aliases CVE-2011-2481, GHSA-r7c8-hghc-2mp8
Summary Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
cvssv3.1 7.5 http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2011-2481
epss 0.00243 https://api.first.org/data/v1/epss?cve=CVE-2011-2481
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2011-2481
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=732820
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481
generic_textual MODERATE http://secunia.com/advisories/57126
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r7c8-hghc-2mp8
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b
generic_textual MODERATE https://issues.apache.org/bugzilla/show_bug.cgi?id=51395
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2011-2481
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1137753
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1138788
generic_textual MODERATE https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147
generic_textual MODERATE https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924
cvssv3.1 9.8 http://tomcat.apache.org/security-7.html
generic_textual CRITICAL http://tomcat.apache.org/security-7.html
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=139344343412337&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2481.json
https://api.first.org/data/v1/epss?cve=CVE-2011-2481
http://secunia.com/advisories/57126
http://securitytracker.com/id?1025924
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b
https://github.com/apache/tomcat/commit/81bb49ad58fc7b1177a86ba82abf0271d07ceeb7
https://github.com/apache/tomcat/commit/8fa210147ffd98e8971cba56395726cc4a893ad7
https://issues.apache.org/bugzilla/show_bug.cgi?id=51395
http://svn.apache.org/viewvc?view=revision&revision=1137753
http://svn.apache.org/viewvc?view=revision&revision=1138788
https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147
https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/49147
732820 https://bugzilla.redhat.com/show_bug.cgi?id=732820
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2011-2481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481
CVE-2011-2481 https://nvd.nist.gov/vuln/detail/CVE-2011-2481
GHSA-r7c8-hghc-2mp8 https://github.com/advisories/GHSA-r7c8-hghc-2mp8
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://marc.info/?l=bugtraq&m=139344343412337&w=2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-2481
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-7.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.11217
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.