CVE-2011-2204
The MITRE CVE dictionary describes this issue as:
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
Find out more about CVE-2011-2204 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.
CVSS v2 metrics
| Base Score | 2.1 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:S/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server (tomcat6) | RHSA-2012:0682 | 2012-05-21 |
| Red Hat Enterprise Linux 6 (tomcat6) | RHSA-2011:1780 | 2011-12-05 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server (tomcat5) | RHSA-2012:0680 | 2012-05-21 |
| Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2011:1845 | 2011-12-20 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server (tomcat6) | RHSA-2012:0682 | 2012-05-21 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server (tomcat5) | RHSA-2012:0680 | 2012-05-21 |
| Red Hat JBoss Web Server 1.0 | RHSA-2012:0679 | 2012-05-21 |
| Red Hat JBoss Web Server 1.0 | RHSA-2012:0681 | 2012-05-21 |
CVE description copyright © 2017, The MITRE Corporation