CVE-2011-3190
Published: 31 August 2011
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Priority
Status
Package | Release | Status |
---|---|---|
tomcat5.5 | upstream | Released (5.5.34) |
tomcat5.5 | hardy | Released (5.5.25-5ubuntu1.3) |
tomcat5.5 | lucid | Does not exist |
tomcat5.5 | maverick | Does not exist |
tomcat5.5 | natty | Does not exist |
tomcat5.5 | oneiric | Does not exist |
tomcat5.5 | Patches | other: http://svn.apache.org/viewvc?rev=1162960&view=rev |
tomcat6 | upstream | Released (6.0.33) |
tomcat6 | hardy | Does not exist |
tomcat6 | lucid | Released (6.0.24-2ubuntu1.9) |
tomcat6 | maverick | Released (6.0.28-2ubuntu1.5) |
tomcat6 | natty | Released (6.0.28-10ubuntu2.2) |
tomcat6 | oneiric | Not vulnerable (6.0.32-5ubuntu1) |
tomcat6 | Patches | other: http://svn.apache.org/viewvc?rev=1162959&view=rev |
tomcat7 | upstream | Released (7.0.21-1) |
tomcat7 | hardy | Does not exist |
tomcat7 | lucid | Does not exist |
tomcat7 | maverick | Does not exist |
tomcat7 | natty | Does not exist |
tomcat7 | oneiric | Released (7.0.21-1) |
tomcat7 | Patches | other: http://svn.apache.org/viewvc?rev=1162958&view=rev |