Description
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
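A defender-side check for the list named in the description, added here as example code that is not part of this advisory or of Tomcat itself: it reads org/apache/catalina/core/RestrictedServlets.properties out of a catalina.jar and reports whether org.apache.catalina.manager.StatusManagerServlet is listed, which is what the fixed releases add. The jar fixtures are constructed inline; only the properties path and the servlet class name come from the description.

```python
import io
import zipfile

# Path inside catalina.jar that the vulnerability description refers to.
PROPS_PATH = "org/apache/catalina/core/RestrictedServlets.properties"
STATUS_SERVLET = "org.apache.catalina.manager.StatusManagerServlet"


def parse_properties(text):
    """Minimal java.util.Properties reader: skips blanks and '#'/'!' comments, splits on '='."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def restricted_servlets(jar_bytes):
    """Servlet classes listed in the jar's RestrictedServlets.properties (key presence is what matters)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read(PROPS_PATH).decode("latin-1")  # .properties files are ISO-8859-1
    return set(parse_properties(text))


def status_servlet_restricted(jar_bytes):
    """True when StatusManagerServlet is on the list, i.e. the jar carries the fix."""
    return STATUS_SERVLET in restricted_servlets(jar_bytes)


def make_jar(props_text):
    """Build an in-memory jar holding only the properties file (constructed fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(PROPS_PATH, props_text)
    return buf.getvalue()


# Constructed fixtures: the first list omits StatusManagerServlet, the second adds it.
COMMON = ("# constructed sample list\n"
          "org.apache.catalina.manager.ManagerServlet=restricted\n"
          "org.apache.catalina.manager.HTMLManagerServlet=restricted\n")
VULNERABLE_JAR = make_jar(COMMON)
FIXED_JAR = make_jar(COMMON + STATUS_SERVLET + "=restricted\n")

# Real use: status_servlet_restricted(open("/path/to/tomcat/lib/catalina.jar", "rb").read())
```

An unpatched jar yields a missing entry; patching Tomcat to one of the fixed versions in the description is still the remediation, this script only confirms which side of the fix a deployment is on.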