Apache Tomcat CVE-2011-3376 Weak Authentication Vulnerability

Description

This issue only affects environments running web applications that are not trusted (e.g. shared hosting environments). The Servlets that implement the functionality of the Manager application that ships with Apache Tomcat should only be available to Contexts (web applications) that are marked as privileged. However, this check was not being made, which allowed an untrusted web application to use the functionality of the Manager application. This could be used to obtain information on running web applications as well as to deploy additional web applications.
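A Context is marked as privileged through the `privileged` attribute of its context descriptor. The following added example (not part of the original advisory or of Tomcat) audits a set of descriptors and reports any context that is marked privileged but is not expected to be; the allow-list, the sample descriptors and the function names are assumptions made for illustration, and the audit only has meaning on a Tomcat release that enforces the check.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: only these context names are expected to be privileged.
EXPECTED_PRIVILEGED = {"manager", "host-manager"}

# Constructed sample descriptors (context name -> descriptor XML).
SAMPLE_DESCRIPTORS = {
    "manager": '<Context privileged="true" antiResourceLocking="false"/>',
    "tenant-a": '<Context reloadable="false"/>',
    "tenant-b": '<Context privileged="TRUE"><Resource name="jdbc/db"/></Context>',
    "broken": '<Context privileged="true"',  # truncated on purpose
}

def is_privileged(xml_text):
    """True/False for the privileged flag, None if the descriptor is unusable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "Context":
        return None
    # Compare case-insensitively so "TRUE" is not silently missed.
    return root.get("privileged", "false").strip().lower() == "true"

def audit(descriptors, expected=EXPECTED_PRIVILEGED):
    """Return (context name, finding) pairs that need review."""
    findings = []
    for name, xml_text in sorted(descriptors.items()):
        flag = is_privileged(xml_text)
        if flag is None:
            # An unreadable descriptor cannot be cleared, so report it.
            findings.append((name, "unparseable"))
        elif flag and name not in expected:
            findings.append((name, "unexpected-privileged"))
    return findings

def load_descriptors(directory):
    """Read per-context descriptors, e.g. from conf/Catalina/localhost."""
    return {p.stem: p.read_text(encoding="utf-8")
            for p in Path(directory).glob("*.xml")}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_DESCRIPTORS):
        print(f"{name}: {finding}")
```
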

Affected Applications

Apache Tomcat

CVE References

CVE-2011-3376