Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2011-2481

Good to know:

icon

Date: August 15, 2011

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Language: Java

Severity Score

Related Resources (14)

https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b
http://svn.apache.org/viewvc?view=revision&revision=1137753
http://svn.apache.org/viewvc?view=revision&revision=1138788
http://secunia.com/advisories/57126
http://tomcat.apache.org/security-7.html
https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147
http://www.securityfocus.com/bid/49147
https://nvd.nist.gov/vuln/detail/CVE-2011-2481
https://issues.apache.org/bugzilla/show_bug.cgi?id=51395
https://github.com/apache/tomcat
http://marc.info/?l=bugtraq&m=139344343412337&w=2
https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924
http://securitytracker.com/id?1025924
https://www.mend.io/vulnerability-database/CVE-2011-2481

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us