A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application not properly enforcing “@ServletSecurity” annotations when loading servlets. This can be exploited to e.g. bypass the security constraints specified via the annotations and disclose certain information.

The vulnerability is reported in versions 7.0.0 through 7.0.10.


Update to version 7.0.11.

Provided and/or discovered by
Michael McCutcheon

Further details available in Customer Area

Original Advisory

Source Advisory:

Download Apache Tomcat