Description
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
Remediation
References