4 matches found
Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
The remote host is missing updates announced in advisory GLSA 201206-24. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2011-1582
CVE-2011-1582 affects Apache Tomcat 7.0.12 and 7.0.13, where the first request to a servlet is processed without enforcing security constraints configured via annotations, allowing bypass of access restrictions via HTTP requests. The issue is a consequence of an incomplete fix for CVE-2011-1088, ...
[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass
CVE-2011-1582 Apache Tomcat security constraint bypass. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 7.0.12-7.0.13; earlier versions are not affected. Description: An error in the fixes for...
Fixed in Apache Tomcat 7.0.14
Important: Security constraint bypass CVE-2011-1582 An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security constraints configured via annotations were ignored on the first request to a Servlet. Subsequent requests were secured correctly. This was fixed in revision 1100832. This...