Vulnerability details: VCID-quwu-ep21-cyew
Vulnerability ID VCID-quwu-ep21-cyew
Aliases CVE-2011-3190
GHSA-c38m-v4m2-524v
Summary Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual HIGH http://marc.info/?l=bugtraq&m=132215163318824&w=2
generic_textual HIGH http://marc.info/?l=bugtraq&m=133469267822771&w=2
generic_textual HIGH http://marc.info/?l=bugtraq&m=136485229118404&w=2
generic_textual HIGH http://marc.info/?l=bugtraq&m=139344343412337&w=2
epss 0.00872 https://api.first.org/data/v1/epss?cve=CVE-2011-3190
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
generic_textual HIGH http://securityreason.com/securityalert/8362
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c38m-v4m2-524v
generic_textual HIGH https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat55/commit/be3eb28f82250a5c81a1c42216570ebf892aefac
generic_textual HIGH https://github.com/apache/tomcat/commit/a2538ce78f83b7376c48d12d8247600079d789b1
generic_textual HIGH https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
generic_textual HIGH https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2011-3190
generic_textual HIGH https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
generic_textual HIGH https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
generic_textual HIGH https://web.archive.org/web/20130121232525/http://www.securityfocus.com/archive/1/519466/100/0/threaded
generic_textual HIGH https://web.archive.org/web/20130314002148/http://www.securityfocus.com/bid/49353
generic_textual HIGH https://web.archive.org/web/20131214094052/http://www.securitytracker.com/id?1025993
generic_textual HIGH http://www.debian.org/security/2012/dsa-2401
generic_textual HIGH http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3190.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3190
http://securityreason.com/securityalert/8362
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
https://github.com/apache/tomcat
https://github.com/apache/tomcat55/commit/be3eb28f82250a5c81a1c42216570ebf892aefac
https://github.com/apache/tomcat70/commit/90ec9675fa080e22df5f9e3e7019a19eb2faec14
https://github.com/apache/tomcat/commit/a2538ce78f83b7376c48d12d8247600079d789b1
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
https://svn.apache.org/viewvc?view=rev&rev=1162958
https://svn.apache.org/viewvc?view=rev&rev=1162959
https://svn.apache.org/viewvc?view=rev&rev=1162960
https://web.archive.org/web/20130121232525/http://www.securityfocus.com/archive/1/519466/100/0/threaded
https://web.archive.org/web/20130314002148/http://www.securityfocus.com/bid/49353
https://web.archive.org/web/20131214094052/http://www.securitytracker.com/id?1025993
http://www.debian.org/security/2012/dsa-2401
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
http://www.securityfocus.com/archive/1/519466/100/0/threaded
http://www.securityfocus.com/bid/49353
http://www.securitytracker.com/id?1025993
734868 https://bugzilla.redhat.com/show_bug.cgi?id=734868
CVE-2011-3190 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
CVE-2011-3190 https://nvd.nist.gov/vuln/detail/CVE-2011-3190
GHSA-c38m-v4m2-524v https://github.com/advisories/GHSA-c38m-v4m2-524v
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
RHSA-2011:1780 https://access.redhat.com/errata/RHSA-2011:1780
RHSA-2012:0679 https://access.redhat.com/errata/RHSA-2012:0679
RHSA-2012:0680 https://access.redhat.com/errata/RHSA-2012:0680
RHSA-2012:0681 https://access.redhat.com/errata/RHSA-2012:0681
RHSA-2012:0682 https://access.redhat.com/errata/RHSA-2012:0682
USN-1252-1 https://usn.ubuntu.com/1252-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.75167
EPSS Score 0.00872
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:15.471220+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-7.html 38.0.0