CVE-2011-1183
Apache Tomcat 7.0.11 - Unauthenticated Access Restriction Bypass via HTTP Requests
Title source: llmDescription
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12701
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-7.html
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Apr/96
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1087643
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66675
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47196
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8187
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/517362/100/0/threaded
Scores
EPSS
0.0616
EPSS Percentile
92.7%
Details
Status
published
Products (2)
apache/tomcat
7.0.11
org.apache.tomcat/tomcat
7.0.11 - 7.0.12Maven
Published
Apr 08, 2011
Tracked Since
Feb 18, 2026