QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1582

Published: May 20, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SREASON

20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass

mailing-list

x_refsource_BUGTRAQ

[www-announce] 20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_VUPEN

http://svn.apache.org/viewvc?view=revision&revision=1100832

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

tomcat-annotations-security-bypass(67515)

vdb-entry

x_refsource_XF

http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.