5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
72.1%
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet
without following security constraints that have been configured through
annotations, which allows remote attackers to bypass intended access
restrictions via HTTP requests. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.