12 matches found
EUVD-2022-2261
Malicious code in bioql PyPI...
Access controll bypass in Apache Tomcat
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...
Access restriction bypass in Apache Tomcat
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an...
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Design/Logic Flaw
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for...
Apache Tomcat 7.0.x < 7.0.12 Multiple Vulnerabilities
Binary data 5882.pasl...
Fixed in Apache Tomcat 7.0.12
Important: Information disclosure CVE-2011-1475 Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of respons...
[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1088 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.10 - - Earlier versions are not affected Description: When a web application was started,...
CVE-2011-1088
CVE-2011-1088 affects Apache Tomcat 7.x prior to 7.0.10 (and related entries reference 7.0.11 in follow‑ups). The issue: Tomcat does not follow ServletSecurity annotations when a web.xml has no security constraints, allowing remote attackers to bypass the intended access restrictions via HTTP req...
CVE-2011-1419
Affected software: Apache Tomcat 7.x before 7.0.11. Component/behavior: ServletSecurity handling; when web.xml has no security constraints, Tomcat does not follow ServletSecurity annotations, enabling a remote bypass of access controls via HTTP requests. Root cause: incomplete fix for CVE-2011-10...
Apache Tomcat "@ServletSecurity" 注释安全限制绕过漏洞
CVE ID: CVE-2011-1088 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在实现上存在"@ServletSecurity" 注释安全限制绕过漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 由于应用程序在加载小服务程序时未能正确执行"@ServletSecurity" 注释,可通过绕过注释指定的安全限制并泄露某些信息。 Apache Group Tomcat 7.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Fixed in Apache Tomcat 7.0.11
Important: Security constraint bypass CVE-2011-1088 When a web application was started, ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. This was partially fixed in Apache Tomcat 7.0.10 and fully fixed in 7.0.11. This...