Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
1.2
CVSSv2

CVE-2010-3718

Published: 10/02/2011 Updated: 13/02/2023
CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9
VMScore: 107
Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N
Subscribe to Apache

Vulnerability Summary

Apache Tomcat 7.0.0 up to and including 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.1

apache tomcat 7.0.2

apache tomcat 7.0.0

apache tomcat 7.0.3

apache tomcat 6.0.6

apache tomcat 6.0.11

apache tomcat 6.0.7

apache tomcat 6.0.4

apache tomcat 6.0.15

apache tomcat 6.0.20

apache tomcat 6.0.10

apache tomcat 6.0.29

apache tomcat 6.0.3

apache tomcat 6.0.9

apache tomcat 6.0.24

apache tomcat 6.0.17

apache tomcat 6.0

apache tomcat 6.0.28

apache tomcat 6.0.0

apache tomcat 6.0.14

apache tomcat 6.0.1

apache tomcat 6.0.12

apache tomcat 6.0.18

apache tomcat 6.0.5

apache tomcat 6.0.2

apache tomcat 6.0.13

apache tomcat 6.0.26

apache tomcat 6.0.19

apache tomcat 6.0.27

apache tomcat 6.0.16

apache tomcat 6.0.8

apache tomcat 5.5.27

apache tomcat 5.5.18

apache tomcat 5.5.12

apache tomcat 5.5.14

apache tomcat 5.5.10

apache tomcat 5.5.4

apache tomcat 5.5.7

apache tomcat 5.5.1

apache tomcat 5.5.11

apache tomcat 5.5.28

apache tomcat 5.5.6

apache tomcat 5.5.26

apache tomcat 5.5.20

apache tomcat 5.5.15

apache tomcat 5.5.5

apache tomcat 5.5.30

apache tomcat 5.5.21

apache tomcat 5.5.22

apache tomcat 5.5.3

apache tomcat 5.5.32

apache tomcat 5.5.9

apache tomcat 5.5.25

apache tomcat 5.5.2

apache tomcat 5.5.0

apache tomcat 5.5.13

apache tomcat 5.5.24

apache tomcat 5.5.8

apache tomcat 5.5.16

apache tomcat 5.5.17

apache tomcat 5.5.29

apache tomcat 5.5.19

apache tomcat 5.5.23

Vendor Advisories

Red Hat: Moderate: tomcat5 security update
Synopsis Moderate: tomcat5 security update Type/Severity Security Advisory: Moderate Topic Updated tomcat5 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabili ...
Ubuntu Security Notice: tomcat6 vulnerabilities
An attacker could send crafted input to Tomcat and cause it to crash or read and write arbitrary files ...
Debian CVElist Bug Report Logs: Three Tomcat vulnerabilities
Debian Bug report logs - #612257 Three Tomcat vulnerabilities Package: tomcat6; Maintainer for tomcat6 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Mon, 7 Feb 2011 08:45:14 UTC Severity: grave Tags: security Fixed in ver ...
Debian Security Advisories: DSA-2160-1 tomcat6 -- several vulnerabilities
Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine: CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting CVE-2011-0534 It was discovered that N ...
Symantec Security Advisories: SA66 : Multiple Tomcat vulnerabilities in IntelligenceCenter
IntelligenceCenter uses a version of Tomcat that has several publicly documented vulnerabilities The most severe vulnerability allows an attacker to mount a denial of service attack or to obtain sensitive information by using a specially crafted header ...

References

NVD-CWE-Otherhttp://tomcat.apache.org/security-6.htmlhttp://www.securityfocus.com/bid/46177http://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-7.htmlhttp://www.securitytracker.com/id?1025025http://secunia.com/advisories/43192http://www.mandriva.com/security/advisories?name=MDVSA-2011:030http://www.redhat.com/support/errata/RHSA-2011-0896.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0791.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0897.htmlhttp://securityreason.com/securityalert/8072http://support.apple.com/kb/HT5002http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://secunia.com/advisories/45022http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.htmlhttp://www.redhat.com/support/errata/RHSA-2011-1845.htmlhttp://marc.info/?l=bugtraq&m=132215163318824&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://www.debian.org/security/2011/dsa-2160http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://marc.info/?l=bugtraq&m=139344343412337&w=2http://secunia.com/advisories/57126http://marc.info/?l=bugtraq&m=130168502603566&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/65159https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517http://www.securityfocus.com/archive/1/516211/100/0/threadedhttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2011:1845http://tools.cisco.com/security/center/viewAlert.x?alertId=22367https://nvd.nist.govhttps://usn.ubuntu.com/1097-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
elevation of privilegeCVE-2022-42331CVE-2023-24709CVE-2023-27569open redirectinjectionCVE-2023-27087
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook