Description
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-26472)
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.13)
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10002)