EUVD-2014-8717

Malware in sbrugna...

Apache Tomcat does not follow ServletSecurity annotations

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for...

GHSA-VCH7-92VF-JM44 Apache Tomcat does not follow ServletSecurity annotations

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for...

Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability - Linux

Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability - Windows

Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

IBM WebSphere Application Server Liberty Profile Privilege Escalation Vulnerability (Mar 2016)

IBM WebSphere Application Server Liberty Profile is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2014-8890

CVE-2014-8890 affects IBM WebSphere Application Server Liberty Profile (8.5.x) where a remote attacker can gain elevated privileges when deployment-descriptor security constraints are combined with ServletSecurity annotations. Root cause: improper handling of security configuration in the servlet...

CVE-2014-8890

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations...

Apache Tomcat protection bypass

@ServletSecurity parameters are ignored...

Apache Tomcat '@ServletSecurity' 安全模式绕过漏洞

No description provided by source...

Apache Tomcat 7.0.0 < 7.0.12 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.12security-7 advisory. - The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining,...

Apache Tomcat "@ServletSecurity" annotation security restriction bypass vulnerability and fix-vulnerability warning-the black bar safety net

Affected version: Apache Group Tomcat 7. x Vulnerability description: Apache Tomcat is a popular open source JSP application server program. Apache Tomcat in the realization of the presence of the"@ServletSecurity" annotation security restriction bypass vulnerability, remote attacker could exploi...

[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1088 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.10 - - Earlier versions are not affected Description: When a web application was started,...

CVE-2011-1088

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application...

Design/Logic Flaw

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for...

CVE-2011-1088

CVE-2011-1088 affects Apache Tomcat 7.x prior to 7.0.10 (and related entries reference 7.0.11 in follow‑ups). The issue: Tomcat does not follow ServletSecurity annotations when a web.xml has no security constraints, allowing remote attackers to bypass the intended access restrictions via HTTP req...

CVE-2011-1088

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application...

Apache Tomcat &quot;@ServletSecurity&quot; 注释安全限制绕过漏洞

CVE ID: CVE-2011-1088 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在实现上存在"@ServletSecurity" 注释安全限制绕过漏洞，远程攻击者可利用此漏洞绕过某些安全限制。 由于应用程序在加载小服务程序时未能正确执行"@ServletSecurity" 注释，可通过绕过注释指定的安全限制并泄露某些信息。 Apache Group Tomcat 7.x 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Apache Tomcat 7.0.x < 7.0.11 Security Bypass Vulnerability

Binary data 5816.pasl...

Fixed in Apache Tomcat 7.0.11

Important: Security constraint bypass CVE-2011-1088 When a web application was started, ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. This was partially fixed in Apache Tomcat 7.0.10 and fully fixed in 7.0.11. This...