Summary
This host is running Apache Tomcat and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to bypass certain authentication and obtain sensitive information.
Impact Level: Application
Solution
Upgrade Apache Tomcat to version 7.0.14 or later.
For updates, refer to http://tomcat.apache.org
Insight
The flaw is due to an error when enforcing security constraints. An attacker could exploit this vulnerability using @ServletSecurity annotations to bypass constraints and gain unauthorized access to the servlet.
Affected
Apache Tomcat versions 7.0.13 and 7.0.12
Detection
Get the installed version of Apache Tomcat with the help of the detection NVT and check whether the version is vulnerable.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2011-1582
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N