CVE-2011-3190

N/A Unknown

Published: August 31, 2011 Modified: April 29, 2026

Description

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://marc.info/?l=bugtraq&m=132215163318824&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=133469267822771&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=136485229118404&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=139344343412337&w=2

Source: secalert@redhat.com

http://secunia.com/advisories/45748

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/48308

Source: secalert@redhat.com

http://secunia.com/advisories/49094

Source: secalert@redhat.com

http://secunia.com/advisories/57126

Source: secalert@redhat.com

http://securityreason.com/securityalert/8362

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2401

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:156

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/519466/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/49353

Source: secalert@redhat.com

http://www.securitytracker.com/id?1025993

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/69472

Source: secalert@redhat.com

https://issues.apache.org/bugzilla/show_bug.cgi?id=51698

Source: secalert@redhat.com

Exploit

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=132215163318824&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=133469267822771&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=136485229118404&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=139344343412337&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/45748

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/48308

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/49094

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57126

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8362

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2012/dsa-2401

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:156

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/519466/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/49353

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1025993

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/69472

Source: af854a3a-2127-422b-91ae-364da2661108

https://issues.apache.org/bugzilla/show_bug.cgi?id=51698

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465

Source: af854a3a-2127-422b-91ae-364da2661108

44 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

15.2%

96th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

apache

Related CVEs

CVE-2026-12415 9.8

CVE-2026-13422 4.3

CVE-2026-13335 6.4

CVE-2026-13333 6.5

CVE-2026-13331 6.5