NVD

Id
8064  
Name
CVE-2011-1088  
Description
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-07  
Published
2011-03-14  
Modified Date
2011-03-30  
Seq
2011-1088  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
45945 8064 CVE-2011-1088 [announce] 20110302 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations  View
45946 8064 CVE-2011-1088 [users] 20110302 Re: @DenyAll does nothing  View
45947 8064 CVE-2011-1088 [users] 20110302 Re: @DenyAll does nothing  View
45948 8064 CVE-2011-1088 http://svn.apache.org/viewvc?view=revision&revision=1076586  View
45949 8064 CVE-2011-1088 http://svn.apache.org/viewvc?view=revision&revision=1076587  View
45950 8064 CVE-2011-1088 http://svn.apache.org/viewvc?view=revision&revision=1077995  View
45951 8064 CVE-2011-1088 http://tomcat.apache.org/security-7.html  View
45952 8064 CVE-2011-1088 20110315 [SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass  View
45953 8064 CVE-2011-1088 46685  View
45954 8064 CVE-2011-1088 1025215  View
45955 8064 CVE-2011-1088 ADV-2011-0563  View
45956 8064 CVE-2011-1088 tomcat-servletsecurity-sec-bypass(65971)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
31127 JVNDB-2011-001366 Apache Tomcat におけるアクセス制限を回避される脆弱性 Apache Tomcat は、ServletSecurity アノテーションに従わないため、アクセス制限を回避される脆弱性が存在します。 CVE-2011-1088 48995 CVE-2011-1088 8064 5.8 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001366.html 2011-03-11 2011-04-06 View