Описание
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
Ссылки
- Vendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13628
Средний
5.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
redhat
больше 14 лет назад
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
debian
больше 14 лет назад
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ...
github
около 3 лет назад
Apache Tomcat allows remote attackers to bypass intended access restrictions
EPSS
Процентиль: 94%
0.13628
Средний
5.8 Medium
CVSS2
Дефекты
NVD-CWE-Other