CVE-2011-3190 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-3190 Interim 1 8 2023-12-08T02:58:08Z current 2021-05-30T12:59:30Z 2023-12-08T02:58:08Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-3190 Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 tomcat6-6.0.18-20.35.36.1 tomcat6-6.0.18-20.35.40.1 tomcat6-6.0.41-0.43.1 tomcat6-admin-webapps-6.0.18-20.35.36.1 tomcat6-admin-webapps-6.0.18-20.35.40.1 tomcat6-admin-webapps-6.0.41-0.43.1 tomcat6-docs-webapp-6.0.18-20.35.36.1 tomcat6-docs-webapp-6.0.18-20.35.40.1 tomcat6-docs-webapp-6.0.41-0.43.1 tomcat6-javadoc-6.0.18-20.35.36.1 tomcat6-javadoc-6.0.18-20.35.40.1 tomcat6-javadoc-6.0.41-0.43.1 tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 tomcat6-jsp-2_1-api-6.0.41-0.43.1 tomcat6-lib-6.0.18-20.35.36.1 tomcat6-lib-6.0.18-20.35.40.1 tomcat6-lib-6.0.41-0.43.1 tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 tomcat6-servlet-2_5-api-6.0.41-0.43.1 tomcat6-webapps-6.0.18-20.35.36.1 tomcat6-webapps-6.0.18-20.35.40.1 tomcat6-webapps-6.0.41-0.43.1 tomcat6-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-admin-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-docs-webapp-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-javadoc-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-lib-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-admin-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-docs-webapp-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-javadoc-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-lib-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-admin-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-docs-webapp-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-javadoc-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-jsp-2_1-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-lib-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-servlet-2_5-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. CVE-2011-3190 SUSE Linux Enterprise Server 11 SP2:tomcat6-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-admin-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-docs-webapp-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-javadoc-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-lib-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-admin-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-docs-webapp-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-javadoc-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-jsp-2_1-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-lib-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-servlet-2_5-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-webapps-6.0.41-0.43.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P