5.8

CVE-2011-1419

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version7.0.0
ApacheTomcat Version7.0.0 Updatebeta
ApacheTomcat Version7.0.1
ApacheTomcat Version7.0.2
ApacheTomcat Version7.0.3
ApacheTomcat Version7.0.4
ApacheTomcat Version7.0.5
ApacheTomcat Version7.0.6
ApacheTomcat Version7.0.7
ApacheTomcat Version7.0.8
ApacheTomcat Version7.0.9
ApacheTomcat Version7.0.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.54% 0.929
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://tomcat.apache.org/security-7.html
http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E
http://markmail.org/message/lzx5273wsgl5pob6
http://markmail.org/message/yzmyn44f5aetmm2r
http://secunia.com/advisories/43684
Vendor Advisory
http://www.osvdb.org/71027
http://www.securityfocus.com/bid/46685
http://www.vupen.com/english/advisories/2011/0563
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65971
http://marc.info/?l=tomcat-user&m=129966773405409&w=2
http://securityreason.com/securityalert/8131
http://svn.apache.org/viewvc?view=revision&revision=1079752
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66154