CVE-2011-1419

medium

Description

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66154

https://exchange.xforce.ibmcloud.com/vulnerabilities/65971

http://www.vupen.com/english/advisories/2011/0563

http://www.securityfocus.com/bid/46685

http://www.osvdb.org/71027

http://tomcat.apache.org/security-7.html

http://svn.apache.org/viewvc?view=revision&revision=1079752

http://securityreason.com/securityalert/8131

http://secunia.com/advisories/43684

http://markmail.org/message/yzmyn44f5aetmm2r

http://markmail.org/message/lzx5273wsgl5pob6

http://marc.info/?l=tomcat-user&m=129966773405409&w=2

http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E

Details

Source: Mitre, NVD

Published: 2011-03-14

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: Medium