Apache Tomcat is vulnerable to an access control bypass. Attackers can bypass intended access restrictions when Tomcat is started with errors while reading the web.xml file, because the failed read results in improper security settings.
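
One way to catch this condition before startup, shown as an added example that is not part of the original advisory or of Tomcat's code: the check rejects a web.xml that does not parse and reports required URL patterns that no access-restricting security constraint covers. The function names, the sample descriptors and the /admin/* pattern are assumptions made for illustration.

```python
# Added example (not Tomcat code): fail-closed pre-start check for a web.xml.
import xml.etree.ElementTree as ET

def local(tag):
    """Strip an XML namespace so DTD-based and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def protected_patterns(web_xml_text):
    """Return url-patterns under a <security-constraint> that has an <auth-constraint>."""
    try:
        root = ET.fromstring(web_xml_text)
    except ET.ParseError as exc:
        # A descriptor that cannot be read must block startup, not be skipped.
        raise ValueError(f"web.xml is not well-formed: {exc}") from exc
    if local(root.tag) != "web-app":
        raise ValueError("root element is not <web-app>")
    patterns = []
    for constraint in root.iter():
        if local(constraint.tag) != "security-constraint":
            continue
        inner = list(constraint.iter())
        if not any(local(el.tag) == "auth-constraint" for el in inner):
            continue  # without an auth-constraint the pattern is not access-restricted
        patterns += [el.text.strip() for el in inner
                     if local(el.tag) == "url-pattern" and el.text]
    return patterns

def check(web_xml_text, required):
    """Return (ok, message); ok is False on a parse error or an unprotected pattern."""
    try:
        found = set(protected_patterns(web_xml_text))
    except ValueError as exc:
        return False, str(exc)
    missing = sorted(set(required) - found)
    if missing:
        return False, "no security-constraint for: " + ", ".join(missing)
    return True, "ok"

# Constructed sample descriptors (not taken from the advisory).
GOOD = """<web-app><security-constraint><web-resource-collection>
<web-resource-name>admin</web-resource-name><url-pattern>/admin/*</url-pattern>
</web-resource-collection><auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint></web-app>"""
BROKEN = GOOD.replace("</security-constraint>", "")  # simulates a damaged file

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("broken", BROKEN)):
        print(name, check(text, ["/admin/*"]))
```
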
marc.info/?l=bugtraq&m=101709002410365&w=2
www.apachelabs.org/tomcat-dev/200108.mbox/%[email protected]%3E
www.iss.net/security_center/static/9863.php
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E