Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2011-2204

Good to know:

icon
icon

Date: June 29, 2011

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Language: Java

Severity Score

Related Resources (38)

https://bugzilla.redhat.com/show_bug.cgi?id=717013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532
http://tomcat.apache.org/security-5.html
http://www.debian.org/security/2012/dsa-2401
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://www.redhat.com/support/errata/RHSA-2011-1845.html
https://github.com/apache/tomcat
http://support.apple.com/kb/HT5130
https://nvd.nist.gov/vuln/detail/CVE-2011-2204
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://github.com/apache/tomcat/commit/763a56b45999653ce648a18462b8a826809215b1
http://www.securityfocus.com/bid/48456
https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
http://www.osvdb.org/73429
http://secunia.com/advisories/57126
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931
http://tomcat.apache.org/security-7.html
https://access.redhat.com/security/cve/CVE-2011-2204
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://web.archive.org/web/20110711083618/http://securitytracker.com/id?1025712
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://secunia.com/advisories/44981
http://secunia.com/advisories/48308
https://github.com/apache/tomcat55/commit/8b81c8c869987e35deed04993ecfcf7be27ca298
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-6.html
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://access.redhat.com/errata/RHSA-2011:1845
http://securitytracker.com/id?1025712
https://www.mend.io/vulnerability-database/CVE-2011-2204

Severity Score

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Information Exposure Through Log Files

CWE-532

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.tomcat:catalina:6.0.33,org.apache.tomcat:tomcat-catalina:7.0.19,org.apache.tomcat.embed:tomcat-embed-core:7.0.19

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us