Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2261

Malicious code in bioql PyPI...

4.3CVSS4.5AI score0.06016EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2022/05/14 2:56 a.m.33 views

Access controll bypass in Apache Tomcat

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...

5.8CVSS5.1AI score0.06156EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:55 a.m.63 views

Access restriction bypass in Apache Tomcat

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an...

4.3CVSS5AI score0.06016EPSS
Exploits0References10Affected Software1
OpenVAS
OpenVAS
added 2012/08/10 12:0 a.m.266 views

Gentoo Security Advisory GLSA 201206-24 (apache tomcat)

The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5CVSS0.1AI score0.9444EPSS
Exploits33
Prion
Prion
added 2011/04/08 3:17 p.m.26 views

Design/Logic Flaw

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...

5.8CVSS6.8AI score0.0654EPSS
Exploits1References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/04/07 12:0 a.m.34 views

Apache Tomcat 7.0.x < 7.0.12 Multiple Vulnerabilities

Binary data 5882.pasl...

5.8CVSS4.9AI score0.06156EPSS
Exploits0References2
Apache Tomcat
Apache Tomcat
added 2011/04/06 12:0 a.m.44 views

Fixed in Apache Tomcat 7.0.12

Important: Information disclosure CVE-2011-1475 Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of respons...

5.8CVSS5.3AI score0.0869EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2011/03/15 12:0 a.m.79 views

[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1088 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.10 - - Earlier versions are not affected Description: When a web application was started,...

5.8CVSS0.06453EPSS
Exploits1
CVE
CVE
added 2011/03/14 7:0 p.m.99 views

CVE-2011-1088

CVE-2011-1088 affects Apache Tomcat 7.x prior to 7.0.10 (and related entries reference 7.0.11 in follow‑ups). The issue: Tomcat does not follow ServletSecurity annotations when a web.xml has no security constraints, allowing remote attackers to bypass the intended access restrictions via HTTP req...

5.8CVSS4.2AI score0.06453EPSS
Exploits1References14Affected Software1
CVE
CVE
added 2011/03/14 7:0 p.m.75 views

CVE-2011-1419

Affected software: Apache Tomcat 7.x before 7.0.11. Component/behavior: ServletSecurity handling; when web.xml has no security constraints, Tomcat does not follow ServletSecurity annotations, enabling a remote bypass of access controls via HTTP requests. Root cause: incomplete fix for CVE-2011-10...

5.8CVSS4.4AI score0.0654EPSS
Exploits0References13Affected Software1
seebug.org
seebug.org
added 2011/03/14 12:0 a.m.58 views

Apache Tomcat &quot;@ServletSecurity&quot; 注释安全限制绕过漏洞

CVE ID: CVE-2011-1088 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在实现上存在"@ServletSecurity" 注释安全限制绕过漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 由于应用程序在加载小服务程序时未能正确执行"@ServletSecurity" 注释,可通过绕过注释指定的安全限制并泄露某些信息。 Apache Group Tomcat 7.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

5.8CVSS0.1AI score0.06453EPSS
Exploits1
Apache Tomcat
Apache Tomcat
added 2011/03/11 12:0 a.m.49 views

Fixed in Apache Tomcat 7.0.11

Important: Security constraint bypass CVE-2011-1088 When a web application was started, ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. This was partially fixed in Apache Tomcat 7.0.10 and fully fixed in 7.0.11. This...

5.8CVSS4.2AI score0.06453EPSS
Exploits1Affected Software1
Rows per page
Query Builder