Description
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a metadata-complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
Remediation
References