CVE Vulnerabilities

CVE-2011-1088

Published: Mar 14, 2011 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
5.8 MODERATE
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

Affected Software

Name Vendor Start Version End Version
Tomcat Apache 7.0.0 (including) 7.0.0 (including)
Tomcat Apache 7.0.0-beta (including) 7.0.0-beta (including)
Tomcat Apache 7.0.1 (including) 7.0.1 (including)
Tomcat Apache 7.0.2 (including) 7.0.2 (including)
Tomcat Apache 7.0.3 (including) 7.0.3 (including)
Tomcat Apache 7.0.4 (including) 7.0.4 (including)
Tomcat Apache 7.0.5 (including) 7.0.5 (including)
Tomcat Apache 7.0.6 (including) 7.0.6 (including)
Tomcat Apache 7.0.7 (including) 7.0.7 (including)
Tomcat Apache 7.0.8 (including) 7.0.8 (including)
Tomcat Apache 7.0.9 (including) 7.0.9 (including)

References