Follow @discotekdotca
CVE-2011-1183
Current Description
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| Referenced by CVEs: | CVE-2011-1582 |
Basic Data
| Published | April 08, 2011 |
|---|---|
| Last Modified | October 09, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | NVD-CWE-Other |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | MEDIUM |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | PARTIAL |
| CVSS 2 - Availability Impact | NONE |
| CVSS 2 - Base Score | 5.8 |
| Severity | MEDIUM |
| Exploitability Score | 8.6 |
| Impact Score | 4.9 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Apache Tomcat 7.0.11 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 7.0.11 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 20110406 [SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass | http://seclists.org/fulldisclosure/2011/Apr/96 | FULLDISC | |
| 8187 | http://securityreason.com/securityalert/8187 | SREASON | |
| http://svn.apache.org/viewvc?view=revision&revision=1087643 | http://svn.apache.org/viewvc?view=revision&revision=1087643 | CONFIRM | PATCH |
| http://tomcat.apache.org/security-7.html | http://tomcat.apache.org/security-7.html | CONFIRM | |
| 20110406 [SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass | http://www.securityfocus.com/archive/1/517362/100/0/threaded | BUGTRAQ | |
| 47196 | http://www.securityfocus.com/bid/47196 | BID | |
| tomcat-webxml-security-bypass(66675) | https://exchange.xforce.ibmcloud.com/vulnerabilities/66675 | XF | |
| oval:org.mitre.oval:def:12701 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12701 | OVAL |