7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.2%
It was discovered that Tomcat incorrectly implemented HTTP DIGEST
authentication. An attacker could use this flaw to perform a variety of
authentication attacks. (CVE-2011-1184)
Polina Genova discovered that Tomcat incorrectly created log entries with
passwords when encountering errors during JMX user creation. A local
attacker could possibly use this flaw to obtain sensitive information. This
issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)
It was discovered that Tomcat incorrectly validated certain request
attributes when sendfile is enabled. A local attacker could bypass intended
restrictions, or cause the JVM to crash, resulting in a denial of service.
(CVE-2011-2526)
It was discovered that Tomcat incorrectly handled certain AJP requests. A
remote attacker could use this flaw to spoof requests, bypass
authentication, and obtain sensitive information. This issue only affected
Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 11.10 | noarch | libtomcat6-java | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libservlet2.5-java | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | libservlet2.5-java-doc | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | tomcat6 | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | tomcat6-admin | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | tomcat6-common | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | tomcat6-docs | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | tomcat6-examples | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | tomcat6-extras | < 6.0.32-5ubuntu1.1 | UNKNOWN |
Ubuntu | 11.10 | noarch | tomcat6-user | < 6.0.32-5ubuntu1.1 | UNKNOWN |