Access Restriction Bypass Affecting org.apache.tomcat:tomcat-catalina package, versions [7.0.12,7.0.14)
10 Jun 2015
20 May 2011
How to fix?
Upgrade org.apache.tomcat:tomcat-catalina to version 7.0.14 or higher.
org.apache.tomcat:tomcat-catalina provides the Tomcat Servlet Engine core classes and standard implementations.
Affected versions of this package are vulnerable to Access Restriction Bypass. Apache Tomcat 7.0.12 and 7.0.13 process the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
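To check a Maven build against the affected range, the following added example (not part of the advisory or of Tomcat) evaluates the interval `[7.0.12,7.0.14)` against the versions declared in a POM. The function names and the sample POM are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "org.apache.tomcat", "tomcat-catalina"
AFFECTED = "[7.0.12,7.0.14)"  # range taken from the advisory title

def vkey(version):
    """Numeric key for dotted versions; qualifiers like -SNAPSHOT are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0, 0])[:4])

def in_range(version, rng):
    """Test one Maven-style interval: [ ] are inclusive, ( ) exclusive."""
    m = re.fullmatch(r"([\[(])([^,]*),([^,]*)([\])])", rng.replace(" ", ""))
    if not m:
        raise ValueError("unsupported range: " + rng)
    lo_b, lo, hi, hi_b = m.groups()
    v = vkey(version)
    if lo and (v < vkey(lo) or (v == vkey(lo) and lo_b == "(")):
        return False
    if hi and (v > vkey(hi) or (v == vkey(hi) and hi_b == ")")):
        return False
    return True

def affected_versions(pom_xml):
    """Return the affected tomcat-catalina versions declared in a POM."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("./{*}properties/*")}
    hits = []
    for dep in root.findall(".//{*}dependency"):
        if (dep.findtext("{*}groupId"), dep.findtext("{*}artifactId")) != (GROUP, ARTIFACT):
            continue
        ver = (dep.findtext("{*}version") or "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", ver)  # version given as ${property}
        if ref:
            ver = props.get(ref.group(1), "")
        if ver and in_range(ver, AFFECTED):
            hits.append(ver)
    return hits

# Constructed sample POM (not from the advisory).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><tomcat.version>7.0.13</tomcat.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.tomcat</groupId>
      <artifactId>tomcat-catalina</artifactId><version>${tomcat.version}</version></dependency>
  </dependencies>
</project>"""
```

This reads only the versions written in a single POM; versions inherited from a parent POM or pulled in transitively need the resolved dependency tree instead.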