Information Security


Security bypass in Apache Tomcat
updated since March 15, 2011
Published: May 17, 2011
Source:
SecurityVulns ID: 11503
Type: library
Severity: 5/10
Description: @ServletSecurity parameters are ignored
Affected products: APACHE : Tomcat 7.0
CVE: CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.)
 CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.)
 CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.)
Original text: APACHE, [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass (17.05.2011)
 APACHE, [SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass (15.03.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod