Home > Vulnerability Database > CVE-2011-1419

Mend.io Vulnerability Database

CVE-2011-1419

Good to know:

Date: March 14, 2011

Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Language: Java

Severity Score

4.8

Related Resources (22)

Url: http://www.securityfocus.com/bid/46685

Url: http://tomcat.apache.org/security-7.html

Url: http://www.osvdb.org/71027

Url: http://marc.info/?l=tomcat-user&m=129966773405409&w=2

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/65971

Url: http://svn.apache.org/viewvc?view=revision&revision=1079752

Url: https://web.archive.org/web/20170202135440/http://www.securityfocus.com/bid/46685

Url: https://github.com/apache/tomcat

Url: https://web.archive.org/web/20110323002552/http://markmail.org/message/lzx5273wsgl5pob6

Url: http://markmail.org/message/lzx5273wsgl5pob6

Url: http://secunia.com/advisories/43684

Url: https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc

Url: http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E

Url: http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106%40apache.org%3E

Url: https://web.archive.org/web/20110307182442/http://markmail.org/message/yzmyn44f5aetmm2r

Url: https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/66154

Url: http://securityreason.com/securityalert/8131

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-1419

Url: http://markmail.org/message/yzmyn44f5aetmm2r

Url: http://www.vupen.com/english/advisories/2011/0563

Url: https://www.mend.io/vulnerability-database/CVE-2011-1419

Severity Score

4.8

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-1419

Good to know:

Date: March 14, 2011

Language: Java

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?