1. Apache Tomcat Security Constraint Bypass via HTTP/0.9 Protocol Manipulation
A critical improper input validation vulnerability in Apache Tomcat enables attackers to bypass configured security constraints by exploiting how the server handles HTTP/0.9 requests. The flaw specifically targets deployments where security rules permit HEAD requests but deny GET requests to protected URIs. By sending ...
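The deployment pattern named above (GET constrained, HEAD left uncovered for the same URI) can be located by auditing the application's `web.xml`. The script below is an added example, not code from the advisory or from the Tomcat project. The sample descriptor is constructed, and the check compares constraints only on identical `url-pattern` strings, an assumption that ignores servlet pattern precedence.

```python
import xml.etree.ElementTree as ET

# Constructed sample deployment descriptor (not taken from the advisory).
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="5.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def children(elem, name):
    # Match on the local tag name so javaee/jakartaee namespaces both work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def head_get_mismatches(web_xml):
    """Return sorted url-patterns where GET is constrained but HEAD is not."""
    root = ET.fromstring(web_xml)
    covered = {}  # url-pattern -> {"GET": bool, "HEAD": bool}
    for sc in children(root, "security-constraint"):
        if not children(sc, "auth-constraint"):
            continue  # no auth-constraint: access is not restricted here
        for wrc in children(sc, "web-resource-collection"):
            listed = {(m.text or "").strip() for m in children(wrc, "http-method")}
            omitted = {(m.text or "").strip()
                       for m in children(wrc, "http-method-omission")}
            for pat in children(wrc, "url-pattern"):
                state = covered.setdefault((pat.text or "").strip(),
                                           {"GET": False, "HEAD": False})
                for method in ("GET", "HEAD"):
                    # Listed methods are covered; with none listed, every
                    # method except the omitted ones is covered.
                    hit = (method in listed) if listed else (method not in omitted)
                    state[method] |= hit
    return sorted(p for p, s in covered.items() if s["GET"] and not s["HEAD"])

if __name__ == "__main__":
    print(head_get_mismatches(SAMPLE_WEB_XML))
```

A flagged pattern only shows that the descriptor matches the precondition described above; whether a given server is affected depends on its Tomcat version, which this script does not check.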