Affected version: Apache Group Tomcat 7. x
Vulnerability description: Apache Tomcat is a popular open source JSP application server program.
Apache Tomcat in the realization of the presence of the"@ServletSecurity" annotation security restriction bypass vulnerability, remote attacker could exploit this vulnerability to bypass certain security restrictions.
Since the application is in the loading servlet fails to properly perform the"@ServletSecurity" annotation, by bypassing annotation to specify the security restrictions and disclose certain information.
<reference http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.10_%28released_8_Mar_2011%29 >
The Apache Group ------------ The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download: