CVE-2011-1183
First published: Fri Apr 08 2011(Updated: )
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.tomcat:tomcat | =7.0.11 | 7.0.12 |
| Tomcat | =7.0.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2011/Apr/96
- http://securityreason.com/securityalert/8187
- http://svn.apache.org/viewvc?view=revision&revision=1087643
- http://tomcat.apache.org/security-7.html
- http://www.securityfocus.com/archive/1/517362/100/0/threaded
- http://www.securityfocus.com/bid/47196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66675
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12701
- https://nvd.nist.gov/vuln/detail/CVE-2011-1183
- https://github.com/apache/tomcat/commit/b7b5c63a932f6c1ea05f9b65ad9054247bb5af57
- https://web.archive.org/web/20200229122300/http://www.securityfocus.com/bid/47196
- https://web.archive.org/web/20200928033804/http://www.securityfocus.com/archive/1/517362/100/0/threaded
- https://github.com/advisories/GHSA-p26v-97vp-jcx6 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2011-1183?
CVE-2011-1183 is classified as a medium severity vulnerability that permits unauthorized access to web applications.
How do I fix CVE-2011-1183?
To fix CVE-2011-1183, upgrade Apache Tomcat to version 7.0.12 or later where the issue is resolved.
What is the impact of CVE-2011-1183?
The impact of CVE-2011-1183 allows remote attackers to bypass access restrictions due to the lack of login configuration in web.xml.
Which versions of Apache Tomcat are affected by CVE-2011-1183?
Apache Tomcat version 7.0.11 is specifically affected by CVE-2011-1183.
Is CVE-2011-1183 fixed in future versions of Apache Tomcat?
Yes, CVE-2011-1183 is addressed in Apache Tomcat version 7.0.12 and later.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-p26v-97vp-jcx6
- alias/CVE-2011-1183
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/severity
- agent/remedy
- agent/softwarecombine
- agent/description
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- collector/nvd-historical
- package-manager/maven
- vendor/apache
- canonical/tomcat
- version/tomcat/7.0.11