Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qg9k-3w1w-zqa1

Summary

Apache Tomcat does not follow ServletSecurity annotations
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.

Aliases

alias	CVE-2011-1419

alias	GHSA-vch7-92vf-jm44

Fixed_packages

url	pkg:ebuild/www-servers/tomcat@7.0.23
purl	pkg:ebuild/www-servers/tomcat@7.0.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/tomcat@7.0.23

url pkg:maven/org.apache.tomcat/tomcat@7.0.11

purl pkg:maven/org.apache.tomcat/tomcat@7.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-89e9-m968-vfhe

vulnerability	VCID-b83j-cebv-9ua6

vulnerability	VCID-smj1-gnyx-nyc6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@7.0.11

Affected_packages

References

reference_url

http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E

reference_url

http://marc.info/?l=tomcat-user&m=129966773405409&w=2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://marc.info/?l=tomcat-user&m=129966773405409&w=2

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1419.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1419.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-1419

reference_id

reference_type

scores

value	0.16103
scoring_system	epss
scoring_elements	0.94915
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-1419

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/65971

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/65971

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/66154

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/66154

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/0ff4905158b77787a7f3aca55c9dec93456665dc

reference_url

https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/3e5b0455483eed55752047073e92403bfca8d3ec

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-1419

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-1419

reference_url

http://svn.apache.org/viewvc?view=revision&revision=1079752

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc?view=revision&revision=1079752

reference_url

https://web.archive.org/web/20110307182442/http://markmail.org/message/yzmyn44f5aetmm2r

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20110307182442/http://markmail.org/message/yzmyn44f5aetmm2r

reference_url

https://web.archive.org/web/20110323002552/http://markmail.org/message/lzx5273wsgl5pob6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20110323002552/http://markmail.org/message/lzx5273wsgl5pob6

reference_url

https://web.archive.org/web/20170202135440/http://www.securityfocus.com/bid/46685

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170202135440/http://www.securityfocus.com/bid/46685

reference_url

http://tomcat.apache.org/security-7.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://tomcat.apache.org/security-7.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=708955
reference_id	708955
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=708955

reference_url	https://security.gentoo.org/glsa/201206-24
reference_id	GLSA-201206-24
reference_type
scores
url	https://security.gentoo.org/glsa/201206-24

Weaknesses

cwe_id	284
name	Improper Access Control
description	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qg9k-3w1w-zqa1

Vulnerability Instance