Description

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

Remediation

References

CVE-2011-1582

Related Vulnerabilities

Oracle Database Server CVE-2010-2415 Vulnerability (CVE-2010-2415)

Oracle JRE CVE-2018-2797 Vulnerability (CVE-2018-2797)

WordPress Plugin Page Builder by SiteOrigin Cross-Site Scripting (2.0.4)

WordPress Plugin Import XML and RSS Feeds Remote Code Execution (2.1.4)

Oracle Application Server CVE-2006-0275 Vulnerability (CVE-2006-0275)

Severity

Medium

Classification

CVE-2011-1582 CWE-264

Tags

Missing Update Known Vulnerabilities