Access Restriction Bypass Affecting org.apache.tomcat.embed:tomcat-embed-core package, versions [7.0.11,7.0.12)
10 Jun 2015
8 Apr 2011
How to fix?
Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 7.0.12 or higher.
org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.
Affected versions of this package are vulnerable to Access Restriction Bypass. When web.xml has no login configuration, Tomcat does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application.
NOTE: this vulnerability exists because of an incorrect fix for
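
An inventory check for the condition described in this advisory, added here as an example and not part of the original advisory or of Tomcat: it flags a deployment only when the embedded Tomcat version falls in [7.0.11,7.0.12) and the `web.xml` is metadata-complete, declares security constraints, and has no `<login-config>`. The function names and the sample descriptor are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Affected range from the advisory: [7.0.11,7.0.12)
AFFECTED_LOW, AFFECTED_HIGH = (7, 0, 11), (7, 0, 12)

# Constructed sample descriptor: constraints present, no <login-config>.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         version="3.0" metadata-complete="true">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def parse_version(text):
    """Turn '7.0.11' into (7, 0, 11); trailing qualifiers are ignored."""
    parts = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def version_affected(version):
    return AFFECTED_LOW <= parse_version(version) < AFFECTED_HIGH


def descriptor_findings(web_xml_text):
    """Report the descriptor properties the advisory's condition depends on."""
    root = ET.fromstring(web_xml_text)  # parse only descriptors you trust
    # Strip namespaces so descriptors with and without xmlns both match.
    children = {child.tag.rsplit("}", 1)[-1] for child in root}
    return {
        "metadata_complete": root.get("metadata-complete", "").strip().lower() == "true",
        "has_security_constraint": "security-constraint" in children,
        "has_login_config": "login-config" in children,
    }


def matches_advisory(version, web_xml_text):
    """True when version and descriptor both fit the advisory's condition."""
    f = descriptor_findings(web_xml_text)
    return (version_affected(version) and f["metadata_complete"]
            and f["has_security_constraint"] and not f["has_login_config"])


if __name__ == "__main__":
    print(matches_advisory("7.0.11", SAMPLE_WEB_XML))
```

A match means the application's constraints should be treated as unenforced until the dependency is upgraded to 7.0.12 or higher.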