CVE-2011-2481: Infoleak
First published: Mon Aug 15 2011(Updated: )
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.tomcat:tomcat | >=7.0.0<7.0.17 | 7.0.17 |
| Tomcat | =7.0.0 | |
| Tomcat | =7.0.0-beta | |
| Tomcat | =7.0.1 | |
| Tomcat | =7.0.2 | |
| Tomcat | =7.0.3 | |
| Tomcat | =7.0.4 | |
| Tomcat | =7.0.5 | |
| Tomcat | =7.0.6 | |
| Tomcat | =7.0.7 | |
| Tomcat | =7.0.8 | |
| Tomcat | =7.0.9 | |
| Tomcat | =7.0.10 | |
| Tomcat | =7.0.11 | |
| Tomcat | =7.0.12 | |
| Tomcat | =7.0.13 | |
| Tomcat | =7.0.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2011-2481
- https://issues.apache.org/bugzilla/show_bug.cgi?id=51395
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://svn.apache.org/viewvc?view=revision&revision=1137753
- http://svn.apache.org/viewvc?view=revision&revision=1138788
- http://tomcat.apache.org/security-7.html
- https://web.archive.org/web/20111209022500/http://www.securityfocus.com/bid/49147
- https://web.archive.org/web/20161127215021/http://securitytracker.com/id?1025924
- https://github.com/advisories/GHSA-r7c8-hghc-2mp8 (Advisory)
- http://secunia.com/advisories/57126
- http://securitytracker.com/id?1025924
- http://www.securityfocus.com/bid/49147
- https://github.com/apache/tomcat/commit/279e4451cb996f810fbca2f78b6340412d9daa7b
Frequently Asked Questions
What is the severity of CVE-2011-2481?
CVE-2011-2481 is classified as a medium-severity vulnerability.
How do I fix CVE-2011-2481?
To fix CVE-2011-2481, upgrade Apache Tomcat to version 7.0.17 or later.
What type of vulnerability is CVE-2011-2481?
CVE-2011-2481 is an XML parser vulnerability that can allow local users to access or modify web application files.
Which versions of Apache Tomcat are affected by CVE-2011-2481?
CVE-2011-2481 affects all Apache Tomcat versions prior to 7.0.17.
Are any specific files at risk due to CVE-2011-2481?
CVE-2011-2481 allows unauthorized access to important configuration files such as web.xml, context.xml, and tld files.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-r7c8-hghc-2mp8
- alias/CVE-2011-2481
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/author
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- package-manager/maven
- vendor/apache
- canonical/tomcat
- version/tomcat/7.0.0
- version/tomcat/7.0.0-beta
- version/tomcat/7.0.1
- version/tomcat/7.0.2
- version/tomcat/7.0.3
- version/tomcat/7.0.4
- version/tomcat/7.0.5
- version/tomcat/7.0.6
- version/tomcat/7.0.7
- version/tomcat/7.0.8
- version/tomcat/7.0.9
- version/tomcat/7.0.10
- version/tomcat/7.0.11
- version/tomcat/7.0.12
- version/tomcat/7.0.13
- version/tomcat/7.0.14