Moderate severity · NVD Advisory · Published Jun 29, 2011 · Updated Apr 29, 2026
CVE-2011-2204
Description
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
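The mechanism behind this advisory is a general one: a domain object's `toString()` doubles as its persistence serialisation (secrets included), and an error handler interpolates the object into an exception message that ends up in a log. The following is an added, self-contained illustration written for this page, not Tomcat's code; the class names (`LeakyUser`, `SafeUser`, `PasswordInLogsDemo`), the `register` stand-in for the registration step and the sample password are all constructed for the example. It places the vulnerable shape beside the hardened one, where the string form used for logging carries identity only and the caller-supplied name, not the object, goes into the message.

```java
/*
 * Illustrative reconstruction of the CVE-2011-2204 pattern. This is example
 * code written for this page, not Tomcat's code; all names are assumptions.
 */
public class PasswordInLogsDemo {

    /** Pre-fix shape: the only string form of a user is the XML persistence form. */
    static final class LeakyUser {
        final String username;
        final String password; // constructed sample value, kept in clear for the demo
        LeakyUser(String username, String password) { this.username = username; this.password = password; }

        // Persistence serialisation doubling as toString(): every attribute, secrets included.
        @Override public String toString() {
            return "<user username=\"" + username + "\" password=\"" + password + "\"/>";
        }
    }

    /** Post-fix shape: toString() carries identity only; serialisation lives in toXml(). */
    static final class SafeUser {
        final String username;
        final String password;
        SafeUser(String username, String password) { this.username = username; this.password = password; }

        @Override public String toString() {
            return "User username=\"" + username + "\"";
        }
        // Only the persistence layer should call this; it is never used for diagnostics.
        String toXml() {
            return "<user username=\"" + username + "\" password=\"" + password + "\"/>";
        }
    }

    /** Stand-in for a registration step that can fail (a constructed failure, always thrown). */
    static void register(Object bean) {
        throw new IllegalStateException("registration failed");
    }

    /** Vulnerable wrapper: the message interpolates the object, so toString() reaches the log. */
    static String createUserVulnerable(String username, String password) {
        LeakyUser user = new LeakyUser(username, password);
        try {
            register(user);
        } catch (Exception e) {
            IllegalArgumentException iae =
                new IllegalArgumentException("Exception creating user " + user + " MBean");
            iae.initCause(e);
            return iae.getMessage(); // returned rather than thrown so the text can be inspected
        }
        return "ok";
    }

    /** Hardened wrapper: the message interpolates the caller-supplied name only. */
    static String createUserHardened(String username, String password) {
        SafeUser user = new SafeUser(username, password);
        try {
            register(user);
        } catch (Exception e) {
            IllegalArgumentException iae =
                new IllegalArgumentException("Exception creating user [" + username + "] MBean");
            iae.initCause(e);
            return iae.getMessage();
        }
        return "ok";
    }

    /** Log-hygiene check: does the text that would reach the log contain the secret? */
    static boolean leaksSecret(String logLine, String secret) {
        return logLine.contains(secret);
    }

    public static void main(String[] args) {
        String secret = "s3cr3t-constructed";
        String before = createUserVulnerable("tomcat", secret);
        String after = createUserHardened("tomcat", secret);
        System.out.println("before: " + before + "  leaks=" + leaksSecret(before, secret));
        System.out.println("after:  " + after + "  leaks=" + leaksSecret(after, secret));
        // Defence in depth: even a wrapper that still does "" + user cannot leak, because
        // SafeUser.toString() no longer carries the password.
        System.out.println("object-only: leaks=" + leaksSecret("" + new SafeUser("tomcat", secret), secret));
    }
}
```

The two layers are independent: the message change alone would still leak through any cause or log statement that stringifies the object, and the `toString()` change alone would still be fragile if a future serialiser were routed through it. A `leaksSecret`-style assertion over exception messages and log output is an easy regression test to keep around for any class that owns credentials.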
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.tomcat:tomcat (Maven) | >= 5.5.0, < 5.5.34 | 5.5.34 |
| org.apache.tomcat:tomcat (Maven) | >= 6.0.0, < 6.0.33 | 6.0.33 |
| org.apache.tomcat:tomcat (Maven) | >= 7.0.0, < 7.0.19 | 7.0.19 |
Affected products
- cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
Patches
Commit 8b81c8c86998 (apache/tomcat55): Fix CVE-2011-2204.
4 files changed · +64 −12
container/catalina/src/share/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java+9 −9 modified@@ -188,7 +188,7 @@ public String createGroup(String groupname, String description) { MBeanUtils.createMBean(group); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception creating group " + group + " MBean"); + ("Exception creating group [" + groupname + "] MBean"); jdkCompat.chainException(iae, e); throw iae; } @@ -211,7 +211,7 @@ public String createRole(String rolename, String description) { MBeanUtils.createMBean(role); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception creating role " + role + " MBean"); + ("Exception creating role [" + rolename + "] MBean"); jdkCompat.chainException(iae, e); throw iae; } @@ -236,7 +236,7 @@ public String createUser(String username, String password, MBeanUtils.createMBean(user); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception creating user " + user + " MBean"); + ("Exception creating user [" + username + "] MBean"); jdkCompat.chainException(iae, e); throw iae; } @@ -264,7 +264,7 @@ public String findGroup(String groupname) { return (oname.toString()); } catch (MalformedObjectNameException e) { IllegalArgumentException iae = new IllegalArgumentException - ("Cannot create object name for group " + group); + ("Cannot create object name for group [" + groupname + "]"); jdkCompat.chainException(iae, e); throw iae; } @@ -291,7 +291,7 @@ public String findRole(String rolename) { return (oname.toString()); } catch (MalformedObjectNameException e) { IllegalArgumentException iae = new IllegalArgumentException - ("Cannot create object name for role " + role); + ("Cannot create object name for role [" + rolename + "]"); jdkCompat.chainException(iae, e); throw iae; } 
@@ -318,7 +318,7 @@ public String findUser(String username) { return (oname.toString()); } catch (MalformedObjectNameException e) { IllegalArgumentException iae = new IllegalArgumentException - ("Cannot create object name for user " + user); + ("Cannot create object name for user [" + username + "]"); jdkCompat.chainException(iae, e); throw iae; } @@ -343,7 +343,7 @@ public void removeGroup(String groupname) { database.removeGroup(group); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception destroying group " + group + " MBean"); + ("Exception destroying group [" + groupname + "] MBean"); jdkCompat.chainException(iae, e); throw iae; } @@ -368,7 +368,7 @@ public void removeRole(String rolename) { database.removeRole(role); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception destroying role " + role + " MBean"); + ("Exception destroying role [" + rolename + "] MBean"); jdkCompat.chainException(iae, e); throw iae; } @@ -393,7 +393,7 @@ public void removeUser(String username) { database.removeUser(user); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception destroying user " + user + " MBean"); + ("Exception destroying user [" + username + "] MBean"); jdkCompat.chainException(iae, e); throw iae; }
container/catalina/src/share/org/apache/catalina/users/MemoryUserDatabase.java+1 −1 modified@@ -541,7 +541,7 @@ public void save() throws Exception { values = getUsers(); while (values.hasNext()) { writer.print(" "); - writer.println(values.next()); + writer.println(((MemoryUser) values.next()).toXml()); } // Print the file epilog
container/catalina/src/share/org/apache/catalina/users/MemoryUser.java+49 −1 modified@@ -246,7 +246,7 @@ public void removeRoles() { * <code>username</code> or </code>name</code> for the username * property.</p> */ - public String toString() { + public String toXml() { StringBuffer sb = new StringBuffer("<user username=\""); sb.append(RequestUtil.filter(username)); @@ -293,5 +293,53 @@ public String toString() { } + /** + * <p>Return a String representation of this user.</p> + */ + public String toString() { + + StringBuffer sb = new StringBuffer("User username=\""); + sb.append(RequestUtil.filter(username)); + sb.append("\""); + if (fullName != null) { + sb.append(", fullName=\""); + sb.append(RequestUtil.filter(fullName)); + sb.append("\""); + } + synchronized (groups) { + if (groups.size() > 0) { + sb.append(", groups=\""); + int n = 0; + Iterator values = groups.iterator(); + while (values.hasNext()) { + if (n > 0) { + sb.append(','); + } + n++; + sb.append(RequestUtil.filter( + ((Group)values.next()).getGroupname())); + } + sb.append("\""); + } + } + synchronized (roles) { + if (roles.size() > 0) { + sb.append(", roles=\""); + int n = 0; + Iterator values = roles.iterator(); + while (values.hasNext()) { + if (n > 0) { + sb.append(','); + } + n++; + sb.append(RequestUtil.filter( + ((Role)values.next()).getRolename())); + } + sb.append("\""); + } + } + return (sb.toString()); + } + }
container/webapps/docs/changelog.xml+5 −1 modified@@ -55,7 +55,11 @@ response, prevent further reads from the request since this causes various problems in the connectors which do not expect this. (markt) </fix> - </changelog> + <fix> + Fix CVE-2011-2204. Prevent user passwords appearing in log files if a + runtime exception (e.g. OOME) occurs while creating a new user for a + MemoryUserDatabase via JMX. (markt) + </fix> </changelog> </subsection> <subsection name="Webapps"> <changelog>
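Review bot: the nine catch blocks in MemoryUserDatabaseMBean are only half of the fix on their own, because `jdkCompat.chainException(iae, e)` keeps the original cause attached and any message that `e` had built from the object would still surface through the stack trace; what makes the message path safe regardless of the cause is the `MemoryUser.toString()` change in this same commit, so the two hunks should not be cherry-picked separately. Switching every site to the caller-supplied `groupname`, `rolename` or `username` is the right choice, and the bracketed `[" + username + "]` form also makes empty or whitespace-only names visible in the log.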
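Review bot: the cast in `writer.println(((MemoryUser) values.next()).toXml());` is unchecked and `values` is a raw `Iterator` in this branch, so any `User` entry that is not a `MemoryUser` would throw `ClassCastException` out of `save()` (declared `throws Exception`) after the prolog and some users have already been written; worth confirming that `save()` writes to a temporary file and renames at the end, otherwise a failure inside this loop leaves a truncated user database on disk.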
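Review bot: the Javadoc left above the renamed method has a markup typo, `</code>name</code>` should read `<code>name</code>`; since that comment describes the XML persistence form it belongs with `toXml()`, which is where it now sits. Separating `toXml()` (the persistence form, which the advisory says carried the password) from `toString()` (username, full name, groups and roles only) is the layer that no later string concatenation can undo. The new `toString()` still passes every value through `RequestUtil.filter`, which is harmless in a log line but deserves a one-line comment so readers do not assume the output is destined for HTML.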
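Review bot: the changelog entry says "runtime exception (e.g. OOME)", but `OutOfMemoryError` is an `Error`, not a `RuntimeException`, and the `catch (Exception e)` blocks in MemoryUserDatabaseMBean never see it; on that path the exception propagates with whatever the JMX layer logs, and it is the `toString()` change that keeps the password out. "Runtime exception or error" would be accurate, and naming the `toString()` change as the protection for that case would help whoever backports this.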
Commit 763a56b45999 (apache/tomcat): Fix CVE-2011-2204.
4 files changed · +63 −12
java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java+9 −9 modified@@ -173,7 +173,7 @@ public String createGroup(String groupname, String description) { MBeanUtils.createMBean(group); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception creating group " + group + " MBean"); + ("Exception creating group [" + groupname + "] MBean"); iae.initCause(e); throw iae; } @@ -196,7 +196,7 @@ public String createRole(String rolename, String description) { MBeanUtils.createMBean(role); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception creating role " + role + " MBean"); + ("Exception creating role [" + rolename + "] MBean"); iae.initCause(e); throw iae; } @@ -221,7 +221,7 @@ public String createUser(String username, String password, MBeanUtils.createMBean(user); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception creating user " + user + " MBean"); + ("Exception creating user [" + username + "] MBean"); iae.initCause(e); throw iae; } @@ -249,7 +249,7 @@ public String findGroup(String groupname) { return (oname.toString()); } catch (MalformedObjectNameException e) { IllegalArgumentException iae = new IllegalArgumentException - ("Cannot create object name for group " + group); + ("Cannot create object name for group [" + groupname + "]"); iae.initCause(e); throw iae; } @@ -276,7 +276,7 @@ public String findRole(String rolename) { return (oname.toString()); } catch (MalformedObjectNameException e) { IllegalArgumentException iae = new IllegalArgumentException - ("Cannot create object name for role " + role); + ("Cannot create object name for role [" + rolename + "]"); iae.initCause(e); throw iae; } 
@@ -303,7 +303,7 @@ public String findUser(String username) { return (oname.toString()); } catch (MalformedObjectNameException e) { IllegalArgumentException iae = new IllegalArgumentException - ("Cannot create object name for user " + user); + ("Cannot create object name for user [" + username + "]"); iae.initCause(e); throw iae; } @@ -328,7 +328,7 @@ public void removeGroup(String groupname) { database.removeGroup(group); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception destroying group " + group + " MBean"); + ("Exception destroying group [" + groupname + "] MBean"); iae.initCause(e); throw iae; } @@ -353,7 +353,7 @@ public void removeRole(String rolename) { database.removeRole(role); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception destroying role " + role + " MBean"); + ("Exception destroying role [" + rolename + "] MBean"); iae.initCause(e); throw iae; } @@ -378,7 +378,7 @@ public void removeUser(String username) { database.removeUser(user); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException - ("Exception destroying user " + user + " MBean"); + ("Exception destroying user [" + username + "] MBean"); iae.initCause(e); throw iae; }
java/org/apache/catalina/users/MemoryUserDatabase.java+1 −1 modified@@ -585,7 +585,7 @@ public void save() throws Exception { values = getUsers(); while (values.hasNext()) { writer.print(" "); - writer.println(values.next()); + writer.println(((MemoryUser) values.next()).toXml()); } // Print the file epilog
java/org/apache/catalina/users/MemoryUser.java+48 −2 modified@@ -257,8 +257,7 @@ public void removeRoles() { * <code>username</code> or </code>name</code> for the username * property.</p> */ - @Override - public String toString() { + public String toXml() { StringBuilder sb = new StringBuilder("<user username=\""); sb.append(RequestUtil.filter(username)); @@ -305,5 +304,52 @@ public String toString() { } + /** + * <p>Return a String representation of this user.</p> + */ + @Override + public String toString() { + + StringBuilder sb = new StringBuilder("User username=\""); + sb.append(RequestUtil.filter(username)); + sb.append("\""); + if (fullName != null) { + sb.append(", fullName=\""); + sb.append(RequestUtil.filter(fullName)); + sb.append("\""); + } + synchronized (groups) { + if (groups.size() > 0) { + sb.append(", groups=\""); + int n = 0; + Iterator<Group> values = groups.iterator(); + while (values.hasNext()) { + if (n > 0) { + sb.append(','); + } + n++; + sb.append(RequestUtil.filter(values.next().getGroupname())); + } + sb.append("\""); + } + } + synchronized (roles) { + if (roles.size() > 0) { + sb.append(", roles=\""); + int n = 0; + Iterator<Role> values = roles.iterator(); + while (values.hasNext()) { + if (n > 0) { + sb.append(','); + } + n++; + sb.append(RequestUtil.filter(values.next().getRolename())); + } + sb.append("\""); + } + } + return (sb.toString()); + } + }
webapps/docs/changelog.xml+5 −0 modified@@ -148,6 +148,11 @@ DefaultServlet was broken due to a MIME type change for JavaScript. (funkman) </fix> + <fix> + Fix CVE-2011-2204. Prevent user passwords appearing in log files if a + runtime exception (e.g. OOME) occurs while creating a new user for a + MemoryUserDatabase via JMX. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">
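Review bot: a regression test is missing for the MemoryUserDatabaseMBean hunks. The same nine message changes are being made in the tomcat55 branch with `jdkCompat.chainException` in place of `iae.initCause(e)`, and the intended property is identical in both, namely that the message of the `IllegalArgumentException` thrown from `createUser` never contains the supplied password; a unit test that forces the registration to fail and asserts on `getMessage()` would protect both branches and would also catch any future handler that reintroduces `"" + user`.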
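Review bot: `((MemoryUser) values.next()).toXml()` is still a blind downcast in this branch too; since `toXml()` exists only on the concrete type, an `instanceof` check with a descriptive `IllegalStateException` would make a mismatched `User` implementation fail loudly during `save()` instead of with a bare `ClassCastException`, which matters because this loop is in the middle of writing the user database file.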
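Review bot: the `@Override` handling in MemoryUser is correct and worth calling out, since leaving it on the renamed `toXml()` would have been a compile error (it no longer overrides anything) and the new `toString()` now carries it; the typed `Iterator<Group>` and `Iterator<Role>` also drop the casts that the tomcat55 variant needs. The `</code>name</code>` typo in the Javadoc above `toXml()` should be fixed to `<code>name</code>` while this comment is being touched.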
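Review bot: the same wording point as the tomcat55 changelog entry applies here, "runtime exception (e.g. OOME)" mislabels `OutOfMemoryError`, which is an `Error` that `catch (Exception e)` does not intercept; "exception or error" would be accurate, and it is worth stating that the `MemoryUser.toString()` change is what covers that path.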
References
- bugzilla.redhat.com/show_bug.cgi (nvd: Patch, WEB)
- secunia.com/advisories/44981 (nvd: Vendor Advisory)
- tomcat.apache.org/security-5.html (nvd: Vendor Advisory, WEB)
- tomcat.apache.org/security-6.html (nvd: Vendor Advisory, WEB)
- tomcat.apache.org/security-7.html (nvd: Vendor Advisory, WEB)
- github.com/advisories/GHSA-c57p-3v2g-w9rg (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-2204 (ghsa: ADVISORY)
- marc.info (nvd: WEB)
- support.apple.com/kb/HT5130 (nvd: WEB)
- www.debian.org/security/2012/dsa-2401 (nvd: WEB)
- access.redhat.com/errata/RHSA-2011:1845 (ghsa: WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/68238 (nvd: WEB)
- github.com/apache/tomcat/commit/763a56b45999653ce648a18462b8a826809215b1 (ghsa: WEB)
- github.com/apache/tomcat55/commit/8b81c8c869987e35deed04993ecfcf7be27ca298 (ghsa: WEB)
- lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E (ghsa: WEB)
- lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E (ghsa: WEB)
- lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E (ghsa: WEB)
- lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E (ghsa: WEB)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14931 (nvd: WEB)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19532 (nvd: WEB)
- web.archive.org/web/20110711083618/http://securitytracker.com/id (ghsa: WEB)
- lists.apple.com/archives/security-announce/2012/Feb/msg00000.html (nvd)
- secunia.com/advisories/48308 (nvd)
- secunia.com/advisories/57126 (nvd)
- securitytracker.com/id (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.osvdb.org/73429 (nvd)
- www.redhat.com/support/errata/RHSA-2011-1845.html (nvd)
- www.securityfocus.com/bid/48456 (nvd)
- lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E (nvd)
- lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E (nvd)