4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
71.7%
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet
without following security constraints that have been configured through
annotations, which allows remote attackers to bypass intended access
restrictions via HTTP requests. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.