What is the severity of CVE-2011-3190?

CVE-2011-3190 has been classified as a critical severity vulnerability due to potential unauthorized access to sensitive information.

How do I fix CVE-2011-3190?

To fix CVE-2011-3190, upgrade your Apache Tomcat version to 5.5.34, 6.0.34, or 7.0.21 or later.

What versions of Apache Tomcat are affected by CVE-2011-3190?

CVE-2011-3190 affects Apache Tomcat versions 5.5.0 through 5.5.33, 6.0.0 through 6.0.33, and 7.0.0 through 7.0.20.

What type of attack is possible due to CVE-2011-3190?

CVE-2011-3190 allows remote attackers to spoof AJP requests, bypass authentication, and potentially access sensitive information.

Is there a workaround for CVE-2011-3190?

While the best solution is to upgrade your Apache Tomcat, a temporary workaround involves restricting access to the AJP connectors.

Vulnerability/
CVE-2011-3190

high

7.5

CWE

287 264

31/8/2011

14/5/2022

6/8/2024

CVE-2011-3190

First published: Wed Aug 31 2011(Updated: )

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
maven/org.apache.tomcat:tomcat	>=5.0.0<=5.5.33	5.5.34
maven/org.apache.tomcat:tomcat	>=6.0.0<=6.0.33	6.0.34
maven/org.apache.tomcat:tomcat	>=7.0.0<=7.0.20	7.0.21
Apache Tomcat	=7.0.12
Apache Tomcat	=7.0.20
Apache Tomcat	=7.0.8
Apache Tomcat	=7.0.1
Apache Tomcat	=7.0.2
Apache Tomcat	=7.0.5
Apache Tomcat	=7.0.0
Apache Tomcat	=7.0.6
Apache Tomcat	=7.0.14
Apache Tomcat	=7.0.11
Apache Tomcat	=7.0.0-beta
Apache Tomcat	=7.0.7
Apache Tomcat	=7.0.13
Apache Tomcat	=7.0.19
Apache Tomcat	=7.0.16
Apache Tomcat	=7.0.10
Apache Tomcat	=7.0.17
Apache Tomcat	=7.0.9
Apache Tomcat	=7.0.4
Apache Tomcat	=7.0.3
Apache Tomcat	=6.0.33
Apache Tomcat	=6.0.6
Apache Tomcat	=6.0.11
Apache Tomcat	=6.0.7
Apache Tomcat	=6.0.4
Apache Tomcat	=6.0.15
Apache Tomcat	=6.0.20
Apache Tomcat	=6.0.10
Apache Tomcat	=6.0.31
Apache Tomcat	=6.0.29
Apache Tomcat	=6.0.3
Apache Tomcat	=6.0.9
Apache Tomcat	=6.0.24
Apache Tomcat	=6.0.17
Apache Tomcat	=6.0
Apache Tomcat	=6.0.32
Apache Tomcat	=6.0.28
Apache Tomcat	=6.0.0
Apache Tomcat	=6.0.14
Apache Tomcat	=6.0.1
Apache Tomcat	=6.0.12
Apache Tomcat	=6.0.18
Apache Tomcat	=6.0.5
Apache Tomcat	=6.0.30
Apache Tomcat	=6.0.2
Apache Tomcat	=6.0.13
Apache Tomcat	=6.0.26
Apache Tomcat	=6.0.19
Apache Tomcat	=6.0.27
Apache Tomcat	=6.0.16
Apache Tomcat	=6.0.8
Apache Tomcat	=5.5.27
Apache Tomcat	=5.5.18
Apache Tomcat	=5.5.12
Apache Tomcat	=5.5.14
Apache Tomcat	=5.5.10
Apache Tomcat	=5.5.4
Apache Tomcat	=5.5.7
Apache Tomcat	=5.5.1
Apache Tomcat	=5.5.11
Apache Tomcat	=5.5.28
Apache Tomcat	=5.5.6
Apache Tomcat	=5.5.26
Apache Tomcat	=5.5.20
Apache Tomcat	=5.5.15
Apache Tomcat	=5.5.5
Apache Tomcat	=5.5.30
Apache Tomcat	=5.5.21
Apache Tomcat	=5.5.22
Apache Tomcat	=5.5.3
Apache Tomcat	=5.5.32
Apache Tomcat	=5.5.31
Apache Tomcat	=5.5.9
Apache Tomcat	=5.5.25
Apache Tomcat	=5.5.33
Apache Tomcat	=5.5.2
Apache Tomcat	=5.5.0
Apache Tomcat	=5.5.13
Apache Tomcat	=5.5.24
Apache Tomcat	=5.5.8
Apache Tomcat	=5.5.16
Apache Tomcat	=5.5.17
Apache Tomcat	=5.5.29
Apache Tomcat	=5.5.19
Apache Tomcat	=5.5.23

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-3190?
CVE-2011-3190 has been classified as a critical severity vulnerability due to potential unauthorized access to sensitive information.
How do I fix CVE-2011-3190?
To fix CVE-2011-3190, upgrade your Apache Tomcat version to 5.5.34, 6.0.34, or 7.0.21 or later.
What versions of Apache Tomcat are affected by CVE-2011-3190?
CVE-2011-3190 affects Apache Tomcat versions 5.5.0 through 5.5.33, 6.0.0 through 6.0.33, and 7.0.0 through 7.0.20.
What type of attack is possible due to CVE-2011-3190?
CVE-2011-3190 allows remote attackers to spoof AJP requests, bypass authentication, and potentially access sensitive information.
Is there a workaround for CVE-2011-3190?
While the best solution is to upgrade your Apache Tomcat, a temporary workaround involves restricting access to the AJP connectors.

collector/nvd-index
collector/nvd-historical
agent/type
agent/severity
agent/weakness
agent/softwarecombine
agent/description
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/author
collector/github-advisory-latest
source/GitHub
alias/GHSA-c38m-v4m2-524v
alias/CVE-2011-3190
agent/references
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/tags
agent/source
vendor/apache
canonical/apache tomcat
version/apache tomcat/7.0.0
version/apache tomcat/7.0.0-beta
version/apache tomcat/7.0.1
version/apache tomcat/7.0.2
version/apache tomcat/7.0.3
version/apache tomcat/7.0.4
version/apache tomcat/7.0.5
version/apache tomcat/7.0.6
version/apache tomcat/7.0.7
version/apache tomcat/7.0.8
version/apache tomcat/7.0.9
version/apache tomcat/7.0.10
version/apache tomcat/7.0.11
version/apache tomcat/7.0.12
version/apache tomcat/7.0.13
version/apache tomcat/7.0.14
version/apache tomcat/7.0.16
version/apache tomcat/7.0.17
version/apache tomcat/7.0.19
version/apache tomcat/7.0.20
version/apache tomcat/6.0
version/apache tomcat/6.0.0
version/apache tomcat/6.0.1
version/apache tomcat/6.0.2
version/apache tomcat/6.0.3
version/apache tomcat/6.0.4
version/apache tomcat/6.0.5
version/apache tomcat/6.0.6
version/apache tomcat/6.0.7
version/apache tomcat/6.0.8
version/apache tomcat/6.0.9
version/apache tomcat/6.0.10
version/apache tomcat/6.0.11
version/apache tomcat/6.0.12
version/apache tomcat/6.0.13
version/apache tomcat/6.0.14
version/apache tomcat/6.0.15
version/apache tomcat/6.0.16
version/apache tomcat/6.0.17
version/apache tomcat/6.0.18
version/apache tomcat/6.0.19
version/apache tomcat/6.0.20
version/apache tomcat/6.0.24
version/apache tomcat/6.0.26
version/apache tomcat/6.0.27
version/apache tomcat/6.0.28
version/apache tomcat/6.0.29
version/apache tomcat/6.0.30
version/apache tomcat/6.0.31
version/apache tomcat/6.0.32
version/apache tomcat/6.0.33
version/apache tomcat/5.5.0
version/apache tomcat/5.5.1
version/apache tomcat/5.5.2
version/apache tomcat/5.5.3
version/apache tomcat/5.5.4
version/apache tomcat/5.5.5
version/apache tomcat/5.5.6
version/apache tomcat/5.5.7
version/apache tomcat/5.5.8
version/apache tomcat/5.5.9
version/apache tomcat/5.5.10
version/apache tomcat/5.5.11
version/apache tomcat/5.5.12
version/apache tomcat/5.5.13
version/apache tomcat/5.5.14
version/apache tomcat/5.5.15
version/apache tomcat/5.5.16
version/apache tomcat/5.5.17
version/apache tomcat/5.5.18
version/apache tomcat/5.5.19
version/apache tomcat/5.5.20
version/apache tomcat/5.5.21
version/apache tomcat/5.5.22
version/apache tomcat/5.5.23
version/apache tomcat/5.5.24
version/apache tomcat/5.5.25
version/apache tomcat/5.5.26
version/apache tomcat/5.5.27
version/apache tomcat/5.5.28
version/apache tomcat/5.5.29
version/apache tomcat/5.5.30
version/apache tomcat/5.5.31
version/apache tomcat/5.5.32
version/apache tomcat/5.5.33
package-manager/maven

CVE-2011-3190

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-3190?

How do I fix CVE-2011-3190?

What versions of Apache Tomcat are affected by CVE-2011-3190?

What type of attack is possible due to CVE-2011-3190?

Is there a workaround for CVE-2011-3190?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2011-3190?

How do I fix CVE-2011-3190?

What versions of Apache Tomcat are affected by CVE-2011-3190?

What type of attack is possible due to CVE-2011-3190?

Is there a workaround for CVE-2011-3190?