Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2011-1582 | First vendor Publication | 2011-05-20 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72407 | Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint By... Apache Tomcat contains a flaw related to the @ServletSecurity annotation security restraints. The issue is triggered when the servlet is loaded for the first time, and may allow an attacker to bypass security restraints and gain unauthorized access to certain information. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO |
2011-05-18 | Name : The remote web server is affected by a security constraint bypass vulnerability File : tomcat_7_0_14.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2023-11-07 21:47:27 | |
2023-02-13 09:28:57 | |
2021-05-04 12:14:22 | |
2021-04-22 01:15:37 | |
2020-05-23 00:28:20 | |
2018-10-10 00:19:43 | |
2017-08-17 09:23:29 | |
2016-04-26 20:42:32 | |
2014-02-17 11:01:52 | |
2013-05-10 22:58:44 | |