Description

A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application not properly enforcing “@ServletSecurity” annotations when loading servlets. This can be exploited to e.g. bypass the security constraints specified via the annotations and disclose certain information.

The vulnerability is reported in versions 7.0.0 through 7.0.10.

Solution

Update to version 7.0.11.

Provided and/or discovered by
Michael McCutcheon

Changelog
Further details available in Customer Area

Original Advisory
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.10_%28released_8_Mar_2011%29
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.11_%28released_11_Mar_2011%29

Source Advisory:
http://secunia.com/advisories/43684/

Download Apache Tomcat
http://tomcat.apache.org/download-70.cgi