Launchpad.net

CVE 2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.

Related bugs and status

CVE-2011-3376 (Candidate) is related to these bugs:

Bug #1115053: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

		In	Importance	Status
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Oneiric)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Precise)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Raring)	Undecided	Fix Released
1115053	Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10	tomcat7 (Ubuntu Quantal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-3376

Related bugs and status

Related bugs

References