CVE-2011-1419

Sažetak

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Reference

http://markmail.org/message/yzmyn44f5aetmm2r
http://markmail.org/message/lzx5273wsgl5pob6
http://svn.apache.org/viewvc?view=revision&revision=1079752
http://secunia.com/advisories/43684
http://www.osvdb.org/71027
http://www.vupen.com/english/advisories/2011/0563
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/46685
http://marc.info/?l=tomcat-user&m=129966773405409&w=2
http://securityreason.com/securityalert/8131
https://exchange.xforce.ibmcloud.com/vulnerabilities/66154
https://exchange.xforce.ibmcloud.com/vulnerabilities/65971
http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:07

Objavljeno

14-03-2011 - 19:55