Lucene search
Veracode Vulnerability DatabaseVERACODE:7760HistoryNov 13, 2018 - 4:53 a.m.
Access Control Bypass
2018-11-1304:53:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.003 Low
EPSS
Percentile
65.3%
Apache Tomcat is vulnerable to access control bypass. Attackers are able to bypass intended access restrictions when Tomcat is started with errors while reading the web.xml file, which results in improper security settings.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tomcat | le | 3.3.2 | |
| tomcat-util | le | 3.3.2 |
References
marc.info/?l=bugtraq&m=101709002410365&w=2
www.apachelabs.org/tomcat-dev/200108.mbox/%[email protected]%3E
www.iss.net/security_center/static/9863.php
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
marc.info/?l=bugtraq&m=101709002410365&w=2
Related
osv
osv
Apache Tomcat may be started without proper security settings
2022-04-30 18:19:20
tomcat
tomcat
Fixed in Apache Tomcat 4.0.0
2003-04-02 00:00:00
nvd
nvd
CVE-2002-0493
2002-08-12 04:00:00
cvelist
cvelist
CVE-2002-0493
2003-04-02 05:00:00
github
github
Apache Tomcat may be started without proper security settings
2022-04-30 18:19:20
cve
cve
CVE-2002-0493
2003-04-02 05:00:00