Published: 15/08/2011 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Apache Tomcat 7.0.x prior to 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache tomcat 7.0.12
apache tomcat 7.0.8
apache tomcat 7.0.1
apache tomcat 7.0.2
apache tomcat 7.0.5
apache tomcat 7.0.0
apache tomcat 7.0.6
apache tomcat 7.0.14
apache tomcat 7.0.11
apache tomcat 7.0.7
apache tomcat 7.0.13
apache tomcat 7.0.10
apache tomcat 7.0.9
apache tomcat 7.0.4
apache tomcat 7.0.3

NVD-CWE-Other https://issues.apache.org/bugzilla/show_bug.cgi?id=51395 http://svn.apache.org/viewvc?view=revision&revision=1138788 http://svn.apache.org/viewvc?view=revision&revision=1137753 http://securitytracker.com/id?1025924 http://tomcat.apache.org/security-7.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/57126 http://www.securityfocus.com/bid/49147 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-2481

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect