Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
References
Configurations
History
07 Nov 2023, 02:06
Type | Values Removed | Values Added |
---|---|---|
Summary | Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419. |
Information
Published : 2011-04-08 15:17
Updated : 2024-02-28 11:41
NVD link : CVE-2011-1183
Mitre link : CVE-2011-1183
CVE.ORG link : CVE-2011-1183
JSON object : View
Products Affected
apache
- tomcat
CWE