CVE-2011-1582 — Apache Tomcat vulnerability

6 documents6 sources

Severity

4.3MEDIUMNVD

CNA5.8GHSA5.8OSV5.8

EPSS

1.5%

top 18.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedMay 20

Latest updateMay 14

Description

Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat7.0.12, 7.0.13+1

Patches

Patch: svn.apache.org ↗Patch: www.securityfocus.com ↗Patch: svn.apache.org ↗

🔴Vulnerability Details

GHSA

Access restriction bypass in Apache Tomcat↗2022-05-14

▶

OSV

Access restriction bypass in Apache Tomcat↗2022-05-14

▶

CVEList

CVE-2011-1582: Apache Tomcat 7↗2011-05-20

▶

📋Vendor Advisories

Red Hat

tomcat: various flaws due not following ServletSecurity annotations↗2011-03-02

▶

💬Community

Bugzilla

CVE-2011-1088 CVE-2011-1183 CVE-2011-1419 CVE-2011-1582 tomcat: various flaws due not following ServletSecurity annotations↗2011-05-30

▶