CVE-2011-1088

EPSS 22.03%
Veröffentlicht 14.03.2011 19:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version7.0.0

Apache ≫ Tomcat Version7.0.0 Updatebeta

Apache ≫ Tomcat Version7.0.1

Apache ≫ Tomcat Version7.0.2

Apache ≫ Tomcat Version7.0.3

Apache ≫ Tomcat Version7.0.4

Apache ≫ Tomcat Version7.0.5

Apache ≫ Tomcat Version7.0.6

Apache ≫ Tomcat Version7.0.7

Apache ≫ Tomcat Version7.0.8

Apache ≫ Tomcat Version7.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.03%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://tomcat.apache.org/security-7.html

Vendor Advisory

http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E

http://markmail.org/message/lzx5273wsgl5pob6

http://markmail.org/message/yzmyn44f5aetmm2r

http://secunia.com/advisories/43684

Vendor Advisory

http://svn.apache.org/viewvc?view=revision&revision=1076586

Patch

http://svn.apache.org/viewvc?view=revision&revision=1076587

http://svn.apache.org/viewvc?view=revision&revision=1077995

http://www.osvdb.org/71027

http://www.securityfocus.com/archive/1/517013/100/0/threaded

http://www.securityfocus.com/bid/46685

http://www.securitytracker.com/id?1025215

http://www.vupen.com/english/advisories/2011/0563

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/65971

https://nvd.nist.gov/vuln/detail/CVE-2011-1088

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1088

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1088

EUVD