Detections
Analytics
Apache Tomcat 7.0.x < 7.0.11 Security Bypass Vulnerability
medium Log Correlation Engine Plugin ID 800610
Synopsis
The remote web server is affected by security bypass vulnerability.Description
Versions of Tomcat 7.0.x earlier than 7.0.11 are potentially affected by a security bypass vulnerability. When a web application is started, 'ServletSecurity' annotations might be ignored which could lead to some areas of the application not being protected as expected.Solution
Upgrade to Apache Tomcat 7.0.11 or later.See Also
tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.11_(released_11_Mar_2011)
mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%[email protected]%3E
Plugin Details
Severity: Medium
ID: 800610
Family: Web Servers
Published: 3/11/2011
Nessus ID: 52634
Vulnerability Information
Patch Publication Date: 3/11/2011
Vulnerability Publication Date: 3/2/2011
Reference Information
CVE: CVE-2011-1088, CVE-2011-1419
BID: 46685