CVE-2011-2481

Publication date 15 August 2011

Last updated 4 August 2025

Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tomcat7	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

http://tomcat.apache.org/security-7.html
https://www.cve.org/CVERecord?id=CVE-2011-2481