Summary
This host is running Apache Tomcat and is prone to security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to bypass certain authentication and obtain sensitive information.
Impact Level: Application
Solution
Upgrade Apache Tomcat version to 5.5.33, 6.0.30, 7.0.4 or later, For updates refer to http://tomcat.apache.org
Insight
The flaw is due to the ServletContect attribute being improperly restricted to read-only setting.
Affected
Apache Tomcat version 5.5.x before 5.5.33
Apache Tomcat version 6.0.x before 6.0.30
Apache Tomcat version 7.0.x before 7.0.4
Detection
Get the installed version of Apache Tomcat with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2010-3718 -
CVSS Base Score: 1.2
AV:L/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- MantisBT 'adm_config_report.php' Cross-Site Scripting Vulnerability - January15
- Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities
- Firefox Information Disclosure Vulnerability Jan09 (Linux)
- phpGraphy 'theme_dir' Parameter Cross Site Scripting Vulnerability
- phpLDAPadmin 'server_id' Parameter Cross Site Scripting Vulnerabilities