Description
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.15.2)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6455)
WordPress Plugin Restricted Site Access Unspecified Vulnerability (2.0)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2199)