Description

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

Remediation

References

CVE-2011-1088

Related Vulnerabilities

WordPress Plugin Formidable-Clockwork SMS Cross-Site Scripting (1.0.3)

WordPress Plugin Page Builder:Live Composer Cross-Site Scripting (1.5.22)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5317)

OpenSSL Numeric Errors Vulnerability (CVE-2007-5135)

WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.1.86)

Severity

Medium

Classification

CVE-2011-1088

Tags

Missing Update Known Vulnerabilities