Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2011-2204
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file..
CVSSv2.0 Score
- Severity
- Low
- Base Score
- 1.9/10
- Exploit Score
- 3.4/10
- Access Vector
- Local
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- Partial
- Availability Impact
- None
- Integrity Impact
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.osvdb.org/73429
- https://bugzilla.redhat.com/show_bug.cgi?id=717013
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-7.html
- http://secunia.com/advisories/44981
- http://securitytracker.com/id?1025712
- http://www.securityfocus.com/bid/48456
- http://www.redhat.com/support/errata/RHSA-2011-1845.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
- http://support.apple.com/kb/HT5130
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://www.debian.org/security/2012/dsa-2401
- http://marc.info/?l=bugtraq&m=132215163318824&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/57126
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68238
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1
- http://secunia.com/advisories/48308
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789a
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc1
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d158
- https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080