Описание
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | tomcat7 only |
| hardy | DNE | |
| karmic | not-affected | tomcat7 only |
| lucid | not-affected | tomcat7 only |
| maverick | not-affected | tomcat7 only |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ...
EPSS
5.8 Medium
CVSS2