Apache Tomcat suffers from a security constraint bypass vulnerability. When a web application was started, @ServletSecurity annotations were ignored. This meant that some areas of the application may not have been protected as expected. Versions 7.0.0 through 7.0.10 are affected.
8a459ba580bcdf3eabe89c5db1e97f2e14dcd5d7d4fae110537f27c2bec83699