1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Candidate: CVE-2011-2481
PublicDate: 2011-08-15
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481
http://tomcat.apache.org/security-7.html
Description:
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an
XML parser used for other web applications, which allows local users to
read or modify the (1) web.xml, (2) context.xml, or (3) tld files of
arbitrary web applications via a crafted application that is loaded earlier
than the target application. NOTE: this vulnerability exists because of a
CVE-2009-0783 regression.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_tomcat7:
upstream_tomcat7: released (7.0.17)
hardy_tomcat7: DNE
lucid_tomcat7: DNE
maverick_tomcat7: DNE
natty_tomcat7: DNE
devel_tomcat7: not-affected (7.0.19-1)
|