Description
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
Remediation
References
Related Vulnerabilities
Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630)
WP Post Popup Directory Traversal (2.0)
STT2 Extension Add Terms Unspecified Vulnerability (1.0.2)
PHP Resource Management Errors Vulnerability (CVE-2006-1991)
Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548)