tomcat security update
Specially crafted AJP messages could be used bypass
authentication (CVE-2011-3190).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5149
Fixed bugs
bnc#715991
VUL-0: CVE-2011-3190: tomcat authentication bypass and information disclosure
CVE#CVE-2011-3190
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive informa