Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-1582

Опубликовано: 02 мар. 2011
Источник: redhat
CVSS2: 5.8

Описание

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

Отчет

Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.12 & 7.0.13.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5tomcat5Not affected
Red Hat Enterprise Linux 6tomcat6Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=708955tomcat: various flaws due not following ServletSecurity annotations

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-1582

ubuntu
около 14 лет назад

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

nvd логотип

CVE-2011-1582

nvd
около 14 лет назад

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

debian логотип

CVE-2011-1582

debian
около 14 лет назад

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servl ...

github логотип

GHSA-3xpj-jgv5-q4vv

github
около 3 лет назад

Access restriction bypass in Apache Tomcat

5.8 Medium

CVSS2