CVE-2011-3376

medium Apache
CVSS v3 Base Score
4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
0.3%
Exploitation probability in 30 days
Top 47% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: November 11, 2011 (5298 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

CWE

CWE-264

Affected Products

apache tomcat

References

🔗 svn.apache.org 🔗 svn.apache.org 🔗 tomcat.apache.org 🔗 www.securityfocus.com 🔗 svn.apache.org