Lucene search

[email protected]CVE-2011-1582

HistoryMay 20, 2011 - 10:55 p.m.

CVE-2011-1582

2011-05-2022:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-1582

apache tomcat

security bypass

remote attackers

access restrictions

4.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.7%

JSON

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

CPENameOperatorVersion
apache:tomcatapache tomcateq7.0.12
apache:tomcatapache tomcateq7.0.13

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	7.0.12
apache:tomcat	apache tomcat	eq	7.0.13

References

mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103%40apache.org%3E

securityreason.com/securityalert/8256

svn.apache.org/viewvc?view=revision&revision=1100832

tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29

www.securityfocus.com/archive/1/518032/100/0/threaded

www.securityfocus.com/bid/47886

www.vupen.com/english/advisories/2011/1255

exchange.xforce.ibmcloud.com/vulnerabilities/67515

4.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2011-1582

prion4 ubuntucve2 osv4 github4 tomcat3 nessus6 securityvulns3 openvas8 cve3 seebug1 fedora1 gentoo1