5.8

CVE-2011-1419

EPSS 16.1%
Veröffentlicht 14.03.2011 19:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version7.0.0

Apache ≫ Tomcat Version7.0.0 Updatebeta

Apache ≫ Tomcat Version7.0.1

Apache ≫ Tomcat Version7.0.2

Apache ≫ Tomcat Version7.0.3

Apache ≫ Tomcat Version7.0.4

Apache ≫ Tomcat Version7.0.5

Apache ≫ Tomcat Version7.0.6

Apache ≫ Tomcat Version7.0.7

Apache ≫ Tomcat Version7.0.8

Apache ≫ Tomcat Version7.0.9

Apache ≫ Tomcat Version7.0.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	16.1%	0.942

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://tomcat.apache.org/security-7.html

http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E

http://markmail.org/message/lzx5273wsgl5pob6

http://markmail.org/message/yzmyn44f5aetmm2r

http://secunia.com/advisories/43684

Vendor Advisory

http://www.osvdb.org/71027

http://www.securityfocus.com/bid/46685

http://www.vupen.com/english/advisories/2011/0563

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/65971

http://marc.info/?l=tomcat-user&m=129966773405409&w=2

http://securityreason.com/securityalert/8131

http://svn.apache.org/viewvc?view=revision&revision=1079752

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/66154

https://nvd.nist.gov/vuln/detail/CVE-2011-1419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1419

EUVD