Description

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Remediation

References

CVE-2011-1419

Related Vulnerabilities

MySQL CVE-2013-0368 Vulnerability (CVE-2013-0368)

Joomla! Core 3.x.x Security Bypass (3.8.0 - 3.9.3)

WordPress Plugin VideoWhisper Video Presentation 'vw_upload.php' Arbitrary File Upload (3.17)

PHP Improper Input Validation Vulnerability (CVE-2006-6383)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.0.0)

Severity

Medium

Classification

CVE-2011-1419

Tags

Missing Update Known Vulnerabilities