CVE-2011-3190

Priority
Description
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0
through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly
other versions allow remote attackers to spoof AJP requests, bypass
authentication, and obtain sensitive information by causing the connector
to interpret a request body as a new request.
Assigned-to
mdeslaur
Package
Upstream:released (5.5.34)
Patches:
Other:http://svn.apache.org/viewvc?rev=1162960&view=rev
Package
Upstream:released (6.0.33)
Patches:
Other:http://svn.apache.org/viewvc?rev=1162959&view=rev
Package
Upstream:released (7.0.21-1)
Patches:
Other:http://svn.apache.org/viewvc?rev=1162958&view=rev
More Information

Updated: 2019-03-19 12:00:20 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)