CVE-2011-1088

Published: Mar 14, 2011Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

Affected (11)

Products: Apache: Tomcat

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 7.0.0
Apache Tomcat	Version 7.0.0 beta
Apache Tomcat	Version 7.0.1
Apache Tomcat	Version 7.0.2
Apache Tomcat	Version 7.0.3
Apache Tomcat	Version 7.0.4
Apache Tomcat	Version 7.0.5
Apache Tomcat	Version 7.0.6
Apache Tomcat	Version 7.0.7
Apache Tomcat	Version 7.0.8
Apache Tomcat	Version 7.0.9

References (28)

http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E

Source: secalert@redhat.com

http://markmail.org/message/lzx5273wsgl5pob6

Source: secalert@redhat.com

http://markmail.org/message/yzmyn44f5aetmm2r

Source: secalert@redhat.com

http://secunia.com/advisories/43684

Source: secalert@redhat.com

Vendor Advisory

http://svn.apache.org/viewvc?view=revision&revision=1076586

Source: secalert@redhat.com

Patch

http://svn.apache.org/viewvc?view=revision&revision=1076587

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1077995

Source: secalert@redhat.com

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

Vendor Advisory

http://www.osvdb.org/71027

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/517013/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/46685

Source: secalert@redhat.com

http://www.securitytracker.com/id?1025215

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0563

Source: secalert@redhat.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/65971

Source: secalert@redhat.com

http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

http://markmail.org/message/lzx5273wsgl5pob6

Source: af854a3a-2127-422b-91ae-364da2661108

http://markmail.org/message/yzmyn44f5aetmm2r

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43684

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://svn.apache.org/viewvc?view=revision&revision=1076586

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://svn.apache.org/viewvc?view=revision&revision=1076587

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.apache.org/viewvc?view=revision&revision=1077995

Source: af854a3a-2127-422b-91ae-364da2661108

http://tomcat.apache.org/security-7.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/71027

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/517013/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/46685

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1025215

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0563

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/65971

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.