Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?r1=1176588&r2=1176587&pathrev=1176588
http://svn.apache.org/viewvc?view=revision&revision=1176588
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/50603