Description
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
Remediation
References
Related Vulnerabilities
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)
WordPress Plugin Remove Yoast SEO comments Unspecified Vulnerability (1.0.4)
Magento Deserialization of Untrusted Data Vulnerability (CVE-2020-3716)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-13258)