CVE-2011-2481

medium

Apache

CVSS v3 Base Score

4.6

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

0.2%

Exploitation probability in 30 days

Top 53% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: August 15, 2011 (5386 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

CWE

NVD-CWE-Other

Affected Products

apache tomcat

References

🔗 marc.info 🔗 secunia.com 🔗 securitytracker.com 🔗 svn.apache.org 🔗 svn.apache.org

CVE-2011-2481

Vulnerability Report

Description

CWE

Affected Products

References