Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability

info
discussion
exploit
solution
references

Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability

Apache Tomcat is prone to a security-bypass vulnerability related to extensions of 'RemoteFilterValve'.

Attackers may be able to bypass certain access restrictions.

The following versions are vulnerable:

Tomcat 4.1.0 through 4.1.32
Tomcat 5.5.0