Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2011-1183
Last Modified 21 Sep 2011 11:29:45
Published 08 Apr 2011 11:17:28
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1183

Summary

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.

Vulnerable Systems

Application

  • Apache Tomcat 7.0.11


References

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1087643

XF - tomcat-webxml-security-bypass(66675)

BID - 47196

BUGTRAQ - 20110406 [SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass

CONFIRM - http://tomcat.apache.org/security-7.html

SREASON - 8187


Last Updated: 27 May 2016 10:56:12