Apache Tomcat CVE-2018-1305 Vulnerability

description-logoDescription

Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

affected-products-logoAffected Applications

Apache Tomcat

CVE References

CVE-2018-1305