Description

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Remediation

References

CVE-2010-3718

Related Vulnerabilities

WebLogic CVE-2020-14882 Vulnerability (CVE-2020-14882)

Roundcube Resource Management Errors Vulnerability (CVE-2011-4078)

WordPress Plugin WP HTML Sitemap Cross-Site Request Forgery (1.2)

OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2016-2177)

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-14064)

Severity

Low

Classification

CVE-2010-3718

Tags

Missing Update Known Vulnerabilities