Candidate: CVE-2011-1183
PublicDate: 2011-04-08 15:17:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1183
Description:
 Apache Tomcat 7.0.11, when web.xml has no login configuration, does not
 follow security constraints, which allows remote attackers to bypass
 intended access restrictions via HTTP requests to a meta-data complete web
 application. NOTE: this vulnerability exists because of an incorrect fix
 for CVE-2011-1088 and CVE-2011-1419.
Ubuntu-Description:
Notes:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Patches_tomcat6:
upstream_tomcat6: needs-triage
dapper_tomcat6: DNE
hardy_tomcat6: DNE
karmic_tomcat6: not-affected (tomcat7 only)
lucid_tomcat6: not-affected (tomcat7 only)
maverick_tomcat6: not-affected (tomcat7 only)
devel_tomcat6: not-affected (tomcat7 only)