CVE-2011-2481

Severity

5.9

Description

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Project

Apache Tomcat

Category
n/a
Tags
data
operational
Date Disclosed

2011-08-15

Date Discovered

2011-06-15

Apache Tomcat 7.0.x

First release:
2011-01-14
First release:
2021-03-31
CVEs:
55
Support Lifecycle:
Namespace:
javax