CVE-2011-1419
14.03.2011, 19:55
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.Enginsight
Vendor | Product | Version |
---|---|---|
apache | tomcat | 7.0.0 |
apache | tomcat | 7.0.0:beta |
apache | tomcat | 7.0.1 |
apache | tomcat | 7.0.2 |
apache | tomcat | 7.0.3 |
apache | tomcat | 7.0.4 |
apache | tomcat | 7.0.5 |
apache | tomcat | 7.0.6 |
apache | tomcat | 7.0.7 |
apache | tomcat | 7.0.8 |
apache | tomcat | 7.0.9 |
apache | tomcat | 7.0.10 |
𝑥
= Vulnerable software versions
References