Apache Tomcat "@ServletSecurity" annotation security restriction bypass vulnerability and fix-vulnerability warning-the black bar safety net

2011-03-15T00:00:00
ID MYHACK58:62201129726
Type myhack58
Reporter 佚名
Modified 2011-03-15T00:00:00

Description

Affected version: Apache Group Tomcat 7. x

Vulnerability description: Apache Tomcat is a popular open source JSP application server program.

Apache Tomcat in the realization of the presence of the"@ServletSecurity" annotation security restriction bypass vulnerability, remote attacker could exploit this vulnerability to bypass certain security restrictions.

Since the application is in the loading servlet fails to properly perform the"@ServletSecurity" annotation, by bypassing annotation to specify the security restrictions and disclose certain information.

<reference http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.10_%28released_8_Mar_2011%29 >

Manufacturers patch:

The Apache Group ------------ The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download:

http://jakarta.apache.org/tomcat/index.html