Description
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Theme Blvd Shortcodes Multiple Security Bypass Vulnerabilities (1.5.2)
MySQL CVE-2019-2625 Vulnerability (CVE-2019-2625)
WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.4)
Apache HTTP Server Other Vulnerability (CVE-2001-1342)
Jenkins Improper Input Validation Vulnerability (CVE-2016-0789)