Showing 1 - 3 of 3

CVE-2011-1183

Status Candidate

Overview

Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.

Related Files

Kernel Live Patch Security Notice LSN-0053-1: Posted Jul 29, 2019; Authored by Benjamin M. Romer; Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. Various other issues were also addressed.; tags | advisory, denial of service, kernel, local; systems | linux; advisories | CVE-2011-1079, CVE-2011-11833, CVE-2011-11884, CVE-2019-11815, CVE-2019-2054; SHA-256 | 6816c4785b56430dc635ceb03383ffc424c8c6dc0006c08814cc9b42003fff08; Download | Favorite | View

Gentoo Linux Security Advisory 201206-24: Posted Jun 24, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011-0013, CVE-2011-0534, CVE-2011-1088, CVE-2011-1183, CVE-2011-1184, CVE-2011-1419, CVE-2011-1475, CVE-2011-1582, CVE-2011-2204, CVE-2011-2481, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858; SHA-256 | 2554deef0443d375e952662e346879fa72a6339fcb77237d7e198b3b4d27ff87; Download | Favorite | View

Apache Tomcat 7.0.11 Security Constraint Bypass: Posted Apr 6, 2011; Authored by Mark Thomas | Site tomcat.apache.org; A regression in the Apache Tomcat version 7.0.11 fix for CVE-2011-1088 meant that security constraints were ignored when no login configuration was present in the web.xml and the web application was marked as meta-data complete.; tags | advisory, web; advisories | CVE-2011-1183; SHA-256 | f6b2b096dcc36a205b8bfec2257398759e64fec7afb1afb2949dc551b477a0f8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 69 files
Debian 20 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
LiquidWorm 4 files
Spencer McIntyre 3 files
Alter Prime 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2011-1183

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems