VIR Vulnerability Intelligence Relay

CVE-2011-2526

medium
Published 2011-07-14 · Modified 2024-02-21
CVSS v3
CVSS v2
4.4
VIR risk
4.4

Description

Improper Input Validation in Apache Tomcat

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=720948

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=1146005

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=1145694

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=1145571

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://svn.apache.org/viewvc?view=revision&revision=1145383

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.apache.tomcat:tomcat<5.5.345.5.34
java Mavenorg.apache.tomcat:tomcat>=6.0.0,<6.0.336.0.33
java Mavenorg.apache.tomcat:tomcat>=7.0.0,<7.0.197.0.19

Application impact
VendorProductVersionsFixed
apache apachetomcat5.5.0
apache apachetomcat5.5.1
apache apachetomcat5.5.2
apache apachetomcat5.5.3
apache apachetomcat5.5.4
apache apachetomcat5.5.5
apache apachetomcat5.5.6
apache apachetomcat5.5.7
apache apachetomcat5.5.8
apache apachetomcat5.5.9
apache apachetomcat5.5.10
apache apachetomcat5.5.11
apache apachetomcat5.5.12
apache apachetomcat5.5.13
apache apachetomcat5.5.14
apache apachetomcat5.5.15
apache apachetomcat5.5.16
apache apachetomcat5.5.17
apache apachetomcat5.5.18
apache apachetomcat5.5.19
apache apachetomcat5.5.20
apache apachetomcat5.5.21
apache apachetomcat5.5.22
apache apachetomcat5.5.23
apache apachetomcat5.5.24
apache apachetomcat5.5.25
apache apachetomcat5.5.26
apache apachetomcat5.5.27
apache apachetomcat5.5.28
apache apachetomcat5.5.29
apache apachetomcat5.5.30
apache apachetomcat5.5.31
apache apachetomcat5.5.32
apache apachetomcat5.5.33
apache apachetomcat6.0
apache apachetomcat6.0.0
apache apachetomcat6.0.1
apache apachetomcat6.0.2
apache apachetomcat6.0.3
apache apachetomcat6.0.4
apache apachetomcat6.0.5
apache apachetomcat6.0.6
apache apachetomcat6.0.7
apache apachetomcat6.0.8
apache apachetomcat6.0.9
apache apachetomcat6.0.10
apache apachetomcat6.0.11
apache apachetomcat6.0.12
apache apachetomcat6.0.13
apache apachetomcat6.0.14
apache apachetomcat6.0.15
apache apachetomcat6.0.16
apache apachetomcat6.0.17
apache apachetomcat6.0.18
apache apachetomcat6.0.19
apache apachetomcat6.0.20
apache apachetomcat6.0.24
apache apachetomcat6.0.26
apache apachetomcat6.0.27
apache apachetomcat6.0.28
apache apachetomcat6.0.29
apache apachetomcat6.0.30
apache apachetomcat6.0.31
apache apachetomcat6.0.32
apache apachetomcat7.0.0
apache apachetomcat7.0.1
apache apachetomcat7.0.2
apache apachetomcat7.0.3
apache apachetomcat7.0.4
apache apachetomcat7.0.5
apache apachetomcat7.0.6
apache apachetomcat7.0.7
apache apachetomcat7.0.8
apache apachetomcat7.0.9
apache apachetomcat7.0.10
apache apachetomcat7.0.11
apache apachetomcat7.0.12
apache apachetomcat7.0.14
apache apachetomcat7.0.17

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.