Access Restriction Bypass
Affecting org.apache.tomcat:tomcat-catalina artifact, versions [7.0.12, 7.0.14)
org.apache.tomcat:tomcat-catalina provides the Tomcat Servlet Engine core classes and standard implementations.
Affected versions of this package are vulnerable to Access Restriction Bypass.
When web.xml has no login configuration, the affected versions do not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a metadata-complete web application.
NOTE: this vulnerability exists because of an incorrect fix for
Upgrade org.apache.tomcat:tomcat-catalina to version 7.0.14 or higher.
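
A triage check for the condition described above, added here as an example and not part of the original advisory or of Tomcat: it flags a deployment when the tomcat-catalina version is in [7.0.12, 7.0.14) and its web.xml is metadata-complete, declares security constraints, and has no login-config. The function names and the sample descriptor are constructed for illustration, and versions are assumed to be plain x.y.z strings.

```python
import xml.etree.ElementTree as ET

# Affected range as stated in the advisory: [7.0.12, 7.0.14)
AFFECTED_MIN = (7, 0, 12)
FIXED_IN = (7, 0, 14)


def version_affected(version: str) -> bool:
    """True if a plain x.y.z tomcat-catalina version is in [7.0.12, 7.0.14)."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return AFFECTED_MIN <= parts < FIXED_IN


def _local(tag: str) -> str:
    """Strip the XML namespace so namespaced and bare descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def descriptor_exposed(web_xml: str) -> bool:
    """True if web.xml matches the precondition in the advisory text."""
    root = ET.fromstring(web_xml)
    children = {_local(child.tag) for child in root}
    complete = root.get("metadata-complete", "false").strip().lower() == "true"
    return complete and "security-constraint" in children and "login-config" not in children


def matches_advisory(version: str, web_xml: str) -> bool:
    """Affected version deployed with an exposed descriptor."""
    return version_affected(version) and descriptor_exposed(web_xml)


# Constructed sample descriptor: constraints declared, no <login-config>.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0"
         metadata-complete="true">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

if __name__ == "__main__":
    for v in ("7.0.11", "7.0.12", "7.0.13", "7.0.14"):
        print(v, matches_advisory(v, SAMPLE_WEB_XML))
```

Upgrading remains the fix for any version in the affected range; the descriptor check only helps decide which deployments to patch first.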