CVSS: 5.8EPSS: 0%CPEs: 11EXPL: 0CVE-2011-1088
https://notcve.org/view.php?id=CVE-2011-1088
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. Apache Tomcat v7.x anterior a v7.0.10 no sigue anotaciones ServletSecurity, lo que permite a atacantes remotos evitar las restricciones de acceso a través de peticiones HTTP a una aplicación web. • http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E http://markmail.org/message/lzx5273wsgl5pob6 http://markmail.org/message/yzmyn44f5aetmm2r http://secunia.com/advisories/43684 http://svn.apache.org/viewvc?view=revision&revision=1076586 http://svn.apache.org/viewvc?view=revision&revision=1076587 http://svn.apache.org/viewvc?view=revision&revision=1077995 http://tomcat.apache.org/security-7.html http://www.osvdb.org/71027 http://www.securi •