Description
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.0)
WordPress Plugin AppPresser-Mobile App Framework Security Bypass (4.3.2)
WebLogic CVE-2020-14750 Vulnerability (CVE-2020-14750)
PHP Other Vulnerability (CVE-2015-6832)
WordPress Plugin Support Ticket System By Phoeniixx Unspecified Vulnerability (2.7)