CVE-2011-1183

Apache Tomcat 7.0.11 - Unauthenticated Access Restriction Bypass via HTTP Requests

Title source: llm
STIX 2.1

Description

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12701
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-7.html
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Apr/96
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66675
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47196
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8187
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/517362/100/0/threaded

Scores

EPSS 0.0616
EPSS Percentile 92.7%

Details

Status published
Products (2)
apache/tomcat 7.0.11
org.apache.tomcat/tomcat 7.0.11 - 7.0.12Maven
Published Apr 08, 2011
Tracked Since Feb 18, 2026