Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?r1=1176588&r2=1176587&pathrev=1176588
http://svn.apache.org/viewvc?view=revision&revision=1176588
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/50603
Related Vulnerabilities
CVE-2023-40013 Vulnerability in npm package external-svg-loader
CVE-2018-20000 Vulnerability in maven package org.bedework:bw-webdav
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-trino
CVE-2017-16038 Vulnerability in npm package f2e-server
CVE-2018-20595 Vulnerability in maven package org.hswebframework.web:hsweb-system-oauth2-client-web