CVE-2011-1419

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:P/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM