CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.002 Low
Percentile: 57.2%
Important: Security constraint bypass CVE-2011-1088
When a web application was started, ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. This was partially fixed in Apache Tomcat 7.0.10 and fully fixed in 7.0.11.
This was fixed in revisions 1076586, 1076587, 1077995 and 1079752.
This was reported publicly on the Tomcat users mailing list on 2 Mar 2011.
Affects: 7.0.0-7.0.10
Name | Operator | Version
---|---|---
apache tomcat | ge | 7.0.0
apache tomcat | le | 7.0.10