VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-sp3x-x26s-hue6

Essentials
Severities (22)
References (23)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-sp3x-x26s-hue6
Aliases	CVE-2011-1582 GHSA-3xpj-jgv5-q4vv
Summary	Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103@apache.org%3E
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
epss	0.0153	https://api.first.org/data/v1/epss?cve=CVE-2011-1582
apache_tomcat	Important	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582
generic_textual	MODERATE	http://securityreason.com/securityalert/8256
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/67515
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-3xpj-jgv5-q4vv
generic_textual	MODERATE	https://github.com/apache/tomcat
generic_textual	MODERATE	https://github.com/apache/tomcat/commit/299b26af66793438c323ea6b18462fa44683080f
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2011-1582
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-1582
generic_textual	MODERATE	http://svn.apache.org/viewvc?view=revision&revision=1100832
generic_textual	MODERATE	https://web.archive.org/web/20111110135226/http://www.securityfocus.com/archive/1/518032/100/0/threaded
generic_textual	MODERATE	https://web.archive.org/web/20170202135510/http://www.securityfocus.com/bid/47886
generic_textual	MODERATE	http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29

Reference id	Reference type	URL
		http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103%40apache.org%3E
		http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3C4DD26E30.2060103@apache.org%3E
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1582.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-1582
		http://securityreason.com/securityalert/8256
		https://exchange.xforce.ibmcloud.com/vulnerabilities/67515
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/299b26af66793438c323ea6b18462fa44683080f
		https://svn.apache.org/viewvc?view=rev&rev=1100832
		http://svn.apache.org/viewvc?view=revision&revision=1100832
		https://web.archive.org/web/20111110135226/http://www.securityfocus.com/archive/1/518032/100/0/threaded
		https://web.archive.org/web/20170202135510/http://www.securityfocus.com/bid/47886
		http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29
		http://www.securityfocus.com/archive/1/518032/100/0/threaded
		http://www.securityfocus.com/bid/47886
		http://www.vupen.com/english/advisories/2011/1255
708955		https://bugzilla.redhat.com/show_bug.cgi?id=708955
cpe:2.3:a:apache:tomcat:7.0.12:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:::::::*
CVE-2011-1582		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582
CVE-2011-1582		https://nvd.nist.gov/vuln/detail/CVE-2011-1582
GHSA-3xpj-jgv5-q4vv		https://github.com/advisories/GHSA-3xpj-jgv5-q4vv
GLSA-201206-24		https://security.gentoo.org/glsa/201206-24

No exploits are available.

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1582

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Percentile	0.81244
EPSS Score	0.0153
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:38:15.624226+00:00	Apache Tomcat Importer	Import	https://tomcat.apache.org/security-7.html	38.0.0