CVE-2011-1582
Access restriction bypass in Apache Tomcat
EPSS 1.5%
Description
Apache Tomcat 7.0.12 and 7.0.13 process the first request to a servlet without enforcing the security constraints configured through annotations (the Servlet 3.0 @ServletSecurity annotation), which allows remote attackers to bypass intended access restrictions via HTTP requests. Only the first request to a given servlet is affected; subsequent requests are secured correctly, so the exposure window is the first request after the servlet is loaded, and constraints declared in web.xml are not affected. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
How to fix CVE-2011-1582
To remediate CVE-2011-1582, upgrade the affected package to a fixed version below.
- Maven/org.apache.tomcat:tomcat—upgrade to 7.0.14 or later
Is CVE-2011-1582 being exploited?
Low. The EPSS score of 1.5% is an estimated probability of exploitation in the wild over the next 30 days; it is a prediction, not a record of observed attacks, and a low score is typical for a bug this old. The bypass itself needs no special tooling: an unauthenticated client that reaches an annotation-protected servlet before anyone else has loaded it simply receives the response.
Affected packages (1)
- Maven/org.apache.tomcat:tomcat: >= 7.0.12, < 7.0.14