Description
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
Remediation
References