Description
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
Remediation
References
Related Vulnerabilities
Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)
WordPress Plugin Image Export Arbitrary File Download (1.1.0)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-7133)
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-0205)