| VID |
22542 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is earlier than 7.0.22 and is therefore potentially affected by a servlet access restriction bypass vulnerability.
The web server is not properly restricting access to the servlets that provide the functionality of the Manager application. This can allow untrusted web applications to access privileged internal functionality such as gathering information on running web applications and deploying additional web applications.
* Note: This check solely relied on the version number of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://svn.apache.org/viewvc?view=revision&revision=1176588
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.22
* Platforms Affected:
Apache Tomcat Server versions prior to 7.0.22
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Apache Tomcat Server (7.0.22 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/ |
| Related URL |
CVE-2011-3376 (CVE) |
| Related URL |
50603 (SecurityFocus) |
| Related URL |
(ISS) |
|
