Description
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Remediation
References