CVE-2011-1183 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: =7.0.11 || >=7.0.11 <7.0.12
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0072 (percentile: 0.71632)
Details
Access control bypass in Apache Tomcat
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
Metadata
Created: 2022-05-14T02:56:10Z
Modified: 2024-02-21T21:04:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p26v-97vp-jcx6/GHSA-p26v-97vp-jcx6.json
CWE IDs: []
Alternative ID: GHSA-p26v-97vp-jcx6
Finding: F039
Auto approve: 1