CVE-2021-28449 is a vulnerability that was discovered in April of 2021. It affects the Apache Tomcat web server, particularly versions 10.0.0-M1 to 10.0.6, 9.0.0.M5 to 9.0.46, and 8.5.0 to 8.5.66. This vulnerability allows an attacker to bypass security constraints and access resources on the web server that they should not be able to access. The attacker can exploit this vulnerability remotely without authentication.
The vulnerability was discovered by a security researcher named Daniel Fuchs, who reported it to the Apache Tomcat Project. The project team quickly released patches for the affected versions of the web server to address the vulnerability. They also recommended that users of earlier versions upgrade to the latest version of the software to prevent potential attacks.
This vulnerability highlights the importance of regularly updating software and implementing secure coding practices. It also underscores the need for organizations to have strong incident response plans in place to quickly mitigate any vulnerabilities that are discovered. By promptly addressing this vulnerability, the Apache Tomcat Project demonstrated their commitment to maintaining the security of their software and protecting their users from potential attacks.