Vulnerability Description
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 7.0.11 |
References
- http://seclists.org/fulldisclosure/2011/Apr/96
- http://securityreason.com/securityalert/8187
- http://svn.apache.org/viewvc?view=revision&revision=1087643Patch
- http://tomcat.apache.org/security-7.html
- http://www.securityfocus.com/archive/1/517362/100/0/threaded
- http://www.securityfocus.com/bid/47196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66675
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://seclists.org/fulldisclosure/2011/Apr/96
- http://securityreason.com/securityalert/8187
- http://svn.apache.org/viewvc?view=revision&revision=1087643Patch
- http://tomcat.apache.org/security-7.html
- http://www.securityfocus.com/archive/1/517362/100/0/threaded
- http://www.securityfocus.com/bid/47196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66675
FAQ
What is CVE-2011-1183?
CVE-2011-1183 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-da...
How severe is CVE-2011-1183?
CVE-2011-1183 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1183?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.