Apache Tomcat CVE-2011-3376 Weak Authentication Vulnerability
Description
This issue only affects environments running web applications that are not trusted (e.g. shared hosting environments). The Servlets that implement the functionality of the Manager application that ships with Apache Tomcat should only be available to Contexts (web applications) that are marked as privileged. However, this check was not being made. This allowed an untrusted web application to use the functionality of the Manager application. This could be used to obtain information on running web applications as well as deploying additional web applications.
Affected Applications
Apache Tomcat