Description
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
Remediation
References