CVE-2011-1419 Information

Description

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Reference

http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E
http://marc.info/?l=tomcat-user&m=129966773405409&w=2
http://markmail.org/message/lzx5273wsgl5pob6
http://markmail.org/message/yzmyn44f5aetmm2r
http://secunia.com/advisories/43684
http://securityreason.com/securityalert/8131
http://svn.apache.org/viewvc?view=revision&revision=1079752
http://tomcat.apache.org/security-7.html
http://www.osvdb.org/71027
http://www.securityfocus.com/bid/46685
http://www.vupen.com/english/advisories/2011/0563
https://exchange.xforce.ibmcloud.com/vulnerabilities/65971
https://exchange.xforce.ibmcloud.com/vulnerabilities/66154