Description
Apache Tomcat 7.0.12 and 7.0.13 process the first request to a servlet without applying security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
Remediation
References