CVE-2011-1183 — Apache Tomcat vulnerability

8 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

0.8%

top 26.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedApr 8

Latest updateMay 14

Description

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDapache/tomcat7.0.11

Patches

Patch: svn.apache.org ↗Patch: svn.apache.org ↗

🔴Vulnerability Details

OSV

Access controll bypass in Apache Tomcat↗2022-05-14

▶

GHSA

Access controll bypass in Apache Tomcat↗2022-05-14

▶

GHSA

Access restriction bypass in Apache Tomcat↗2022-05-14

▶

CVEList

CVE-2011-1183: Apache Tomcat 7↗2011-04-08

▶

📋Vendor Advisories

Red Hat

tomcat: various flaws due not following ServletSecurity annotations↗2011-03-02

▶

Red Hat

tomcat: various flaws due not following ServletSecurity annotations↗2011-03-02

▶

💬Community

Bugzilla

CVE-2011-1088 CVE-2011-1183 CVE-2011-1419 CVE-2011-1582 tomcat: various flaws due not following ServletSecurity annotations↗2011-05-30

▶