CVE-2011-1088
Date: (C) 2011-03-14   (M) 2023-12-22


Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1025215
http://www.securityfocus.com/archive/1/517013/100/0/threaded
SECUNIA-43684
BID-46685
OSVDB-71027
ADV-2011-0563
http://markmail.org/message/yzmyn44f5aetmm2r
http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1076586
http://svn.apache.org/viewvc?view=revision&revision=1076587
http://svn.apache.org/viewvc?view=revision&revision=1077995
http://tomcat.apache.org/security-7.html
tomcat-servletsecurity-sec-bypass(65971)

OVAL    1
oval:org.secpod.oval:def:395

© SecPod Technologies