CVE-2011-0655 is a vulnerability that was discovered in 2011. It is a flaw in Apache Tomcat that allows remote attackers to bypass security constraints and gain unauthorized access to sensitive information or perform arbitrary actions. The vulnerability can be exploited by sending specially crafted HTTP requests to the affected server, which can result in the execution of malicious code or the exposure of confidential data.
The vulnerability was first reported on February 15, 2011, and a patch was released by the Apache Software Foundation on March 3, 2011. However, it is believed that attackers had already been exploiting the vulnerability for several weeks before the patch was made available. The exploit was used in attacks against websites and servers using vulnerable versions of Apache Tomcat, potentially resulting in the theft of sensitive data or the compromise of entire systems.
As a result of CVE-2011-0655, organizations using Apache Tomcat were advised to apply the patch as soon as possible to prevent any potential exploitation. Additionally, it highlighted the importance of regular software updates and vulnerability scans to detect and remediate vulnerabilities before they can be exploited by attackers.