A vulnerability in Apache Tomcat enables users to bypass certain access controls by leveraging legacy HTTP/0.9 requests. Under specific configurations, the issue could allow attackers to circumvent defined security constraints. “If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET…
Everything is ideas, the rest is nature.
