Your submission was sent successfully! Close

CVE-2011-2204

Published: 29 June 2011

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.

Priority

Low

Status

Package Release Status
tomcat5.5
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (5.5.34)
Patches:
upstream: http://svn.apache.org/viewvc?view=revision&revision=1140072

tomcat6
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (6.0.24-2ubuntu1.9)
maverick
Released (6.0.28-2ubuntu1.5)
natty
Released (6.0.28-10ubuntu2.2)
oneiric Not vulnerable
(6.0.32-5)
upstream
Released (6.0.33)
Patches:

upstream: http://svn.apache.org/viewvc?view=revision&revision=1140071
tomcat7
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Not vulnerable
(7.0.16-3)
upstream
Released (7.0.17)