Lucene search

PRIOn knowledge basePRION:CVE-2011-2526

HistoryJul 14, 2011 - 11:55 p.m.

Design/Logic Flaw

2011-07-1423:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

14.3%

JSON

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.

CPENameOperatorVersion
tomcateq5.5.27
tomcateq5.5.18
tomcateq5.5.12
tomcateq5.5.14
tomcateq5.5.10
tomcateq5.5.4
tomcateq5.5.7
tomcateq5.5.1
tomcateq5.5.11
tomcateq5.5.28

Name	Operator	Version
tomcat	eq	5.5.27
tomcat	eq	5.5.18
tomcat	eq	5.5.12
tomcat	eq	5.5.14
tomcat	eq	5.5.10
tomcat	eq	5.5.4
tomcat	eq	5.5.7
tomcat	eq	5.5.1
tomcat	eq	5.5.11
tomcat	eq	5.5.28

Rows per page:

1-10 of 801

References

osvdb.org/73797

osvdb.org/73798

rhn.redhat.com/errata/RHSA-2012-0074.html

rhn.redhat.com/errata/RHSA-2012-0075.html

rhn.redhat.com/errata/RHSA-2012-0076.html

rhn.redhat.com/errata/RHSA-2012-0077.html

rhn.redhat.com/errata/RHSA-2012-0078.html

rhn.redhat.com/errata/RHSA-2012-0325.html

secunia.com/advisories/45232

secunia.com/advisories/48308

secunia.com/advisories/57126

svn.apache.org/viewvc?view=revision&revision=1145383

svn.apache.org/viewvc?view=revision&revision=1145571

svn.apache.org/viewvc?view=revision&revision=1145694

svn.apache.org/viewvc?view=revision&revision=1146005

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.debian.org/security/2012/dsa-2401

www.mandriva.com/security/advisories?name=MDVSA-2011:156

www.securityfocus.com/archive/1/518889/100/0/threaded

www.securityfocus.com/bid/48667

www.securitytracker.com/id?1025788

bugzilla.redhat.com/show_bug.cgi?id=720948

exchange.xforce.ibmcloud.com/vulnerabilities/68541

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=132215163318824&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514

6.7 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

14.3%

JSON

Related for PRION:CVE-2011-2526