CVE-2011-3190

Name: CVE-2011-3190
Description: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-2401-1

The information below is based on the following data on fixed versions.

Package    Type    Release     Fixed Version      Urgency  Origin      Debian Bugs
tomcat5.5  source  (unstable)  (unfixed)
tomcat6    source  squeeze     6.0.35-1+squeeze2           DSA-2401-1
tomcat6    source  (unstable)  6.0.35-1
tomcat7    source  (unstable)  7.0.21-1
