Description
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
Remediation
References