Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?r1=1176588&r2=1176587&pathrev=1176588
http://svn.apache.org/viewvc?view=revision&revision=1176588
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/50603
Related Vulnerabilities
CVE-2018-1999024 Vulnerability in npm package mathjax
CVE-2006-1547 Vulnerability in maven package struts:struts
CVE-2023-26471 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-async-api
CVE-2023-30857 Vulnerability in npm package @aedart/support
CVE-2023-30541 Vulnerability in npm package @openzeppelin/contracts-upgradeable