CVE-2011-3190
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
EPSS 0.87%
Description
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
How to fix CVE-2011-3190
To remediate CVE-2011-3190, upgrade the affected package to a fixed version below. The flaw is in the AJP connector, so it is reachable only where an AJP connector is enabled (a `<Connector protocol="AJP/1.3" .../>` in server.xml, typically fronted by mod_jk or mod_proxy_ajp), but the upgrade is still the fix; disabling an unused AJP connector reduces exposure, it does not patch the code.
- Maven/org.apache.tomcat:tomcat—upgrade to 7.0.21 or later
- The 6.0.x and 5.5.x branches named in the description were fixed in 6.0.34 and 5.5.34 respectively; only the 7.0.x Maven artifact is tracked on this page.
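The description says the connector can be made to "interpret a request body as a new request". The AJP13 wire format makes that confusion possible: a Forward Request carries a prefix byte (0x02), but a body chunk from the proxy is just a 2-byte length followed by data, so the container knows a packet is a body only because it remembers that the previous request announced one. The model below, added here as an illustration and not Tomcat's code, encodes a POST plus its body in AJP13 and feeds the stream to two dispatchers: a stateless one that classifies every packet by its first byte (the bug class in the advisory) and a stateful one that consumes the announced body before reading the next message. It does not reproduce the exact trigger condition of the Tomcat bug; the packet layout, method and header codes are from the AJP13 protocol, and the sample stream is constructed.

```python
"""Model of the AJP13 message confusion behind CVE-2011-3190 (added example, not Tomcat code)."""
import struct

MAGIC = b"\x12\x34"             # proxy -> container packet magic
JK_FORWARD_REQUEST = 0x02       # prefix code of a Forward Request message
METHOD_GET, METHOD_POST = 2, 4  # AJP13 method codes
SC_REQ_CONTENT_LENGTH = 0xA008  # coded header name for Content-Length
HEADER_CODES = {SC_REQ_CONTENT_LENGTH: "content-length", 0xA00B: "host"}

def ajp_string(s):
    """AJP string: 2-byte length, bytes, NUL terminator; 0xFFFF encodes null."""
    if s is None:
        return b"\xff\xff"
    b = s.encode()
    return struct.pack(">H", len(b)) + b + b"\x00"

def packet(payload):
    return MAGIC + struct.pack(">H", len(payload)) + payload

def forward_request_payload(method, uri, headers, remote_addr="203.0.113.5"):
    """Forward Request: prefix, method, protocol, uri, remote_addr, remote_host,
    server_name, server_port, is_ssl, header count, headers, attribute terminator."""
    p = bytes([JK_FORWARD_REQUEST, method])
    p += ajp_string("HTTP/1.1") + ajp_string(uri) + ajp_string(remote_addr)
    p += ajp_string(None) + ajp_string("localhost")
    p += struct.pack(">H", 8080) + b"\x00"
    p += struct.pack(">H", len(headers))
    for name, value in headers:
        p += struct.pack(">H", name) if isinstance(name, int) else ajp_string(name)
        p += ajp_string(value)
    return p + b"\xff"  # no request attributes

def body_packet(data):
    """Body chunk: 2-byte data length then data, with no prefix code at all."""
    return packet(struct.pack(">H", len(data)) + data)

def read_string(buf, pos):
    n = struct.unpack(">H", buf[pos:pos + 2])[0]
    pos += 2
    if n == 0xFFFF:
        return None, pos
    return buf[pos:pos + n].decode(), pos + n + 1

def parse_forward_request(payload):
    method, pos = payload[1], 2
    _protocol, pos = read_string(payload, pos)
    uri, pos = read_string(payload, pos)
    remote_addr, pos = read_string(payload, pos)
    for _ in range(2):          # remote_host, server_name
        _, pos = read_string(payload, pos)
    pos += 3                    # server_port (2 bytes) + is_ssl (1 byte)
    nhdr = struct.unpack(">H", payload[pos:pos + 2])[0]
    pos += 2
    headers = {}
    for _ in range(nhdr):
        if payload[pos] == 0xA0:   # coded well-known header name
            name = HEADER_CODES[struct.unpack(">H", payload[pos:pos + 2])[0]]
            pos += 2
        else:
            name, pos = read_string(payload, pos)
            name = name.lower()
        headers[name], pos = read_string(payload, pos)
    return {"method": method, "uri": uri, "remote_addr": remote_addr,
            "headers": headers, "body": b""}

def split_packets(stream):
    pos = 0
    while pos < len(stream):
        if stream[pos:pos + 2] != MAGIC:
            raise ValueError("bad AJP magic")
        n = struct.unpack(">H", stream[pos + 2:pos + 4])[0]
        yield stream[pos + 4:pos + 4 + n]
        pos += 4 + n

def dispatch_stateless(stream):
    """Vulnerable model: classifies each packet by its first byte, no memory of a pending body."""
    return [parse_forward_request(p) for p in split_packets(stream)
            if p[0] == JK_FORWARD_REQUEST]

def dispatch_stateful(stream):
    """Hardened model: after a request announcing Content-Length, following packets are
    consumed as body until the announced length is reached, never parsed as messages."""
    requests, remaining = [], 0
    for payload in split_packets(stream):
        if remaining > 0:
            n = struct.unpack(">H", payload[:2])[0]
            requests[-1]["body"] += payload[2:2 + n]
            remaining -= n
        elif payload[0] == JK_FORWARD_REQUEST:
            req = parse_forward_request(payload)
            remaining = int(req["headers"].get("content-length", "0"))
            requests.append(req)
    return requests

def build_stream():
    """Constructed sample: a POST /upload whose body is 514 bytes, so the body chunk's
    length bytes are 0x02 0x02 (prefix = Forward Request, method = GET) and the rest
    of the chunk spells out GET /admin from 127.0.0.1."""
    smuggled = forward_request_payload(METHOD_GET, "/admin", [], remote_addr="127.0.0.1")[2:]
    body = smuggled.ljust(0x0202, b"\x00")
    post = forward_request_payload(METHOD_POST, "/upload",
                                   [(SC_REQ_CONTENT_LENGTH, str(len(body)))])
    return packet(post) + body_packet(body)

if __name__ == "__main__":
    stream = build_stream()
    print("stateless:", [(r["uri"], r["remote_addr"]) for r in dispatch_stateless(stream)])
    print("stateful: ", [(r["uri"], len(r["body"])) for r in dispatch_stateful(stream)])
```

The stateless dispatcher reports two requests, the second being a GET /admin that appears to come from 127.0.0.1 with whatever headers the attacker placed in the body, which is the "spoof AJP requests" outcome in the description. The stateful dispatcher reports one POST with a 514-byte body. The point for a connector author is that body state must be tracked on every code path, including error paths, because nothing in the packet itself distinguishes a body chunk from a message.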
Is CVE-2011-3190 being exploited?
Low: the EPSS score is 0.87%, a low predicted probability of exploitation in the wild over the next 30 days. EPSS is a forecast, not a record of observed attacks, so treat internet-exposed AJP connectors on unpatched versions as exploitable regardless of the score.
Affected packages (1)
- Maven/org.apache.tomcat:tomcat: >= 7.0.0, < 7.0.21