CVE-2011-1582

Apache Tomcat 7.0.12/13 - Auth Bypass

Title source: llm
STIX 2.1

Description

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

References (8)

Core 8
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8256
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/518032/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1255
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47886
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67515

Scores

EPSS 0.0602
EPSS Percentile 92.5%

Details

CWE
CWE-264
Status published
Products (3)
apache/tomcat 7.0.12
apache/tomcat 7.0.13
org.apache.tomcat/tomcat 7.0.12 - 7.0.14Maven
Published May 20, 2011
Tracked Since Feb 18, 2026