Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-3376
HistoryNov 11, 2011 - 12:00 a.m.

CVE-2011-3376

2011-11-1100:00:00
ubuntu.com
ubuntu.com
17

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x
before 7.0.22 does not properly restrict ContainerServlets in the Manager
application, which allows local users to gain privileges by using an
untrusted web application to access the Manager applicationโ€™s
functionality.

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchtomcat7<ย 7.0.21-1ubuntu0.1UNKNOWN

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%