Description

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Remediation

References

CVE-2010-3718

Related Vulnerabilities

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-37695)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)

WordPress Plugin WP Page Builder Cross-Site Scripting (1.2.8)

MySQL Other Vulnerability (CVE-2003-0780)

WordPress Plugin SAML SP Single Sign On-SSO login Cross-Site Scripting (4.8.72)

Severity

Low

Classification

CVE-2010-3718

Tags

Missing Update Known Vulnerabilities