Test ID:	1.3.6.1.4.1.25623.1.0.803783
Category:	Web Servers
Title:	Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Summary:	Apache Tomcat is prone to a security bypass vulnerability.
Description:	Summary: Apache Tomcat is prone to a security bypass vulnerability. Vulnerability Insight: The flaw is due an error when enforcing security constraints. An attacker could exploit this vulnerability using @ServletSecurity annotations to bypass constraints and gain unauthorized access to the servlet. Vulnerability Impact: Successful exploitation will allow remote attackers to bypass certain authentication and obtain sensitive information. Affected Software/OS: Apache Tomcat version 7.0.13 and 7.0.12. Solution: Upgrade Apache Tomcat version to 7.0.14 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1582 20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass http://www.securityfocus.com/archive/1/518032/100/0/threaded 47886 http://www.securityfocus.com/bid/47886 8256 http://securityreason.com/securityalert/8256 ADV-2011-1255 http://www.vupen.com/english/advisories/2011/1255 [www-announce] 20110517 [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103%40apache.org%3E http://svn.apache.org/viewvc?view=revision&revision=1100832 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29 tomcat-annotations-security-bypass(67515) https://exchange.xforce.ibmcloud.com/vulnerabilities/67515
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.