Description
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
Remediation
References
Related Vulnerabilities
Magento Improper Authentication Vulnerability (CVE-2015-3457)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4415)
EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2019-14351)
WordPress Plugin WordPress Alipay/Tenpay/PayPal SQL Injection (3.7.2)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)