angler-fishThe Vulnerability History Project

CVE-2011-1088

      @ServletSecurity
Servlets added via addServlet() should not be processed unless created via craeteServlet. Need to delay scanning until urlPatterns are known

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1077995 13f79535-47bb-0310-9956-ffa450edef68
by Pauline the Wren 2011-03-04 15:17:22 UTC
commit ece65c1a428094b1c6c17de3d7593f64e1bb1286
Tomcat Fix Ignored Security Annotations CVE-2011-1088 VCC Servlet Load Order CVE-2018-1305
java/org/apache/catalina/Wrapper.java
-15
java/org/apache/catalina/authenticator/AuthenticatorBase.java
+3 -1
java/org/apache/catalina/core/StandardContext.java
+1 -14
java/org/apache/catalina/core/StandardWrapper.java
+11 -42
test/org/apache/catalina/core/TestStandardWrapper.java
-67
expand_less