Description

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

Remediation

References

CVE-2011-1582

Related Vulnerabilities

Oracle JRE Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-21147)

Jenkins CVE-2013-0329 Vulnerability (CVE-2013-0329)

Plone CMS Improper Access Control Vulnerability (CVE-2015-7315)

Apache HTTP Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3185)

WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19436)

Severity

Medium

Classification

CVE-2011-1582 CWE-264

Tags

Missing Update Known Vulnerabilities