Published: 10/02/2011 Updated: 21/11/2024

Apache Tomcat 7.0.0 up to and including 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache tomcat 7.0.0
apache tomcat 7.0.1
apache tomcat 7.0.2
apache tomcat 7.0.3
apache tomcat 6.0
apache tomcat 6.0.0
apache tomcat 6.0.1
apache tomcat 6.0.2
apache tomcat 6.0.3
apache tomcat 6.0.4
apache tomcat 6.0.5
apache tomcat 6.0.6
apache tomcat 6.0.7
apache tomcat 6.0.8
apache tomcat 6.0.9
apache tomcat 6.0.10
apache tomcat 6.0.11
apache tomcat 6.0.12
apache tomcat 6.0.13
apache tomcat 6.0.14
apache tomcat 6.0.15
apache tomcat 6.0.16
apache tomcat 6.0.17
apache tomcat 6.0.18
apache tomcat 6.0.19
apache tomcat 6.0.20
apache tomcat 6.0.24
apache tomcat 6.0.26
apache tomcat 6.0.27
apache tomcat 6.0.28
apache tomcat 6.0.29
apache tomcat 5.5.0
apache tomcat 5.5.1
apache tomcat 5.5.2
apache tomcat 5.5.3
apache tomcat 5.5.4
apache tomcat 5.5.5
apache tomcat 5.5.6
apache tomcat 5.5.7
apache tomcat 5.5.8
apache tomcat 5.5.9
apache tomcat 5.5.10
apache tomcat 5.5.11
apache tomcat 5.5.12
apache tomcat 5.5.13
apache tomcat 5.5.14
apache tomcat 5.5.15
apache tomcat 5.5.16
apache tomcat 5.5.17
apache tomcat 5.5.18
apache tomcat 5.5.19
apache tomcat 5.5.20
apache tomcat 5.5.21
apache tomcat 5.5.22
apache tomcat 5.5.23
apache tomcat 5.5.24
apache tomcat 5.5.25
apache tomcat 5.5.26
apache tomcat 5.5.27
apache tomcat 5.5.28
apache tomcat 5.5.29
apache tomcat 5.5.30
apache tomcat 5.5.32

Synopsis Moderate: tomcat5 security update Type/Severity Security Advisory: Moderate Topic Updated tomcat5 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabili ...

An attacker could send crafted input to Tomcat and cause it to crash or read and write arbitrary files ...

Debian Bug report logs - #612257 Three Tomcat vulnerabilities Package: tomcat6; Maintainer for tomcat6 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Mon, 7 Feb 2011 08:45:14 UTC Severity: grave Tags: security Fixed in ver ...

Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine: CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting CVE-2011-0534 It was discovered that N ...

Домашнее задание к занятию «Уязвимости и атаки на информационные системы» Брюхов А SYS-26 Задание 1 Скачайте и установите виртуальную машину Metasploitable: sourceforgenet/projects/metasploitable/ Это типовая ОС для экспери�

Get Started

CVE-2010-3718

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect