Description
A vulnerability has been reported in Apache Tomcat which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused by Tomcat not enforcing "@ServletSecurity" annotations when loading servlets: constraints declared on a servlet class via the annotation (required roles, transport guarantee) are silently not applied, while the servlet is still mapped and reachable. This can be exploited to e.g. access resources that should require authentication or a specific role and disclose the information they serve. Constraints declared in web.xml are not affected, so only applications that rely on annotations alone are exposed.
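The following is an added illustration, not code from the advisory or from the Tomcat project. It shows a servlet whose only protection is a "@ServletSecurity" annotation, beside a variant that also checks the role in the handler. The servlet names and URL paths are assumptions made for the example.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet (name and path are assumptions for this example).
// The annotation asks the container to require the "admin" role and TLS
// before dispatching to this servlet. On Tomcat 7.0.0 through 7.0.10 the
// annotation is ignored when the servlet is loaded, so the container
// neither challenges the client nor checks the role, and doGet() runs
// for any anonymous request to /admin/report.
@WebServlet("/admin/report")
@ServletSecurity(@HttpConstraint(rolesAllowed = {"admin"},
        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL))
public class AdminReportServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // No check here: the code trusts the container to have enforced
        // the annotation, which on an affected version it did not.
        resp.setContentType("text/plain");
        resp.getWriter().println("sensitive report for " + req.getRemoteUser());
    }
}

// Same constraint, but the handler re-checks the role itself. When the
// container skipped the constraint, no login was triggered, so
// getRemoteUser() is null and isUserInRole("admin") is false; the request
// ends with 403 instead of leaking the report. This is defence in depth,
// not a substitute for updating Tomcat.
@WebServlet("/admin/report-hardened")
@ServletSecurity(@HttpConstraint(rolesAllowed = {"admin"},
        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL))
class AdminReportHardenedServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (req.getRemoteUser() == null || !req.isUserInRole("admin")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("sensitive report for " + req.getRemoteUser());
    }
}
```

A quick way to tell whether a deployment is affected is to request an annotation-protected URL without credentials: an enforcing container answers 401 (or redirects to the login form, or 403 for a plain-HTTP request under CONFIDENTIAL), whereas an affected one returns the servlet's normal 200 response. Deployments that cannot update immediately can declare the same constraints in web.xml with a <security-constraint> element for the affected URL patterns, which Tomcat still enforces.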
The vulnerability is reported in versions 7.0.0 through 7.0.10.
Solution
Update to version 7.0.11. The installed version can be confirmed with `java -cp lib/catalina.jar org.apache.catalina.util.ServerInfo`, run from the Tomcat installation directory; note that 7.0.10 is still affected.
Provided and/or discovered by
Michael McCutcheon
Original Advisory
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.10_%28released_8_Mar_2011%29
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.11_%28released_11_Mar_2011%29
Source Advisory:
http://secunia.com/advisories/43684/
Download Apache Tomcat
http://tomcat.apache.org/download-70.cgi