CVE-2011-1419

Apache Tomcat <7.0.11 - Auth Bypass

Title source: llm
STIX 2.1

Description

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65971
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43684
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46685
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0563
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-7.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8131
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66154
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/71027
Various Sources mailing-list x_refsource_mlist
http://markmail.org/message/lzx5273wsgl5pob6
Various Sources mailing-list x_refsource_mlist
http://markmail.org/message/yzmyn44f5aetmm2r
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=tomcat-user&m=129966773405409&w=2

Scores

EPSS 0.0654
EPSS Percentile 93.0%

Details

Status published
Products (12)
apache/tomcat 7.0.0 (2 CPE variants)
apache/tomcat 7.0.1
apache/tomcat 7.0.2
apache/tomcat 7.0.3
apache/tomcat 7.0.4
apache/tomcat 7.0.5
apache/tomcat 7.0.6
apache/tomcat 7.0.7
apache/tomcat 7.0.8
apache/tomcat 7.0.9
... and 2 more
Published Mar 14, 2011
Tracked Since Feb 18, 2026