Published: 10/02/2011 Updated: 13/02/2023

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 107

Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

Apache Tomcat 7.0.0 up to and including 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache tomcat 7.0.1
apache tomcat 7.0.2
apache tomcat 7.0.0
apache tomcat 7.0.3
apache tomcat 6.0.6
apache tomcat 6.0.11
apache tomcat 6.0.7
apache tomcat 6.0.4
apache tomcat 6.0.15
apache tomcat 6.0.20
apache tomcat 6.0.10
apache tomcat 6.0.29
apache tomcat 6.0.3
apache tomcat 6.0.9
apache tomcat 6.0.24
apache tomcat 6.0.17
apache tomcat 6.0
apache tomcat 6.0.28
apache tomcat 6.0.0
apache tomcat 6.0.14
apache tomcat 6.0.1
apache tomcat 6.0.12
apache tomcat 6.0.18
apache tomcat 6.0.5
apache tomcat 6.0.2
apache tomcat 6.0.13
apache tomcat 6.0.26
apache tomcat 6.0.19
apache tomcat 6.0.27
apache tomcat 6.0.16
apache tomcat 6.0.8
apache tomcat 5.5.27
apache tomcat 5.5.18
apache tomcat 5.5.12
apache tomcat 5.5.14
apache tomcat 5.5.10
apache tomcat 5.5.4
apache tomcat 5.5.7
apache tomcat 5.5.1
apache tomcat 5.5.11
apache tomcat 5.5.28
apache tomcat 5.5.6
apache tomcat 5.5.26
apache tomcat 5.5.20
apache tomcat 5.5.15
apache tomcat 5.5.5
apache tomcat 5.5.30
apache tomcat 5.5.21
apache tomcat 5.5.22
apache tomcat 5.5.3
apache tomcat 5.5.32
apache tomcat 5.5.9
apache tomcat 5.5.25
apache tomcat 5.5.2
apache tomcat 5.5.0
apache tomcat 5.5.13
apache tomcat 5.5.24
apache tomcat 5.5.8
apache tomcat 5.5.16
apache tomcat 5.5.17
apache tomcat 5.5.29
apache tomcat 5.5.19
apache tomcat 5.5.23

Synopsis Moderate: tomcat5 security update Type/Severity Security Advisory: Moderate Topic Updated tomcat5 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabili ...

Debian Bug report logs - #612257 Three Tomcat vulnerabilities Package: tomcat6; Maintainer for tomcat6 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Mon, 7 Feb 2011 08:45:14 UTC Severity: grave Tags: security Fixed in ver ...

An attacker could send crafted input to Tomcat and cause it to crash or read and write arbitrary files ...

Several vulnerabilities were discovered in the Tomcat Servlet and JSP engine: CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting CVE-2011-0534 It was discovered that N ...

Домашнее задание к занятию «Уязвимости и атаки на информационные системы» Брюхов А SYS-26 Задание 1 Скачайте и установите виртуальную машину Metasploitable: sourceforgenet/projects/metasploitable/ Это типовая ОС для экспери�

NVD-CWE-Other http://tomcat.apache.org/security-6.html http://www.securityfocus.com/bid/46177 http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-7.html http://www.securitytracker.com/id?1025025 http://secunia.com/advisories/43192 http://www.mandriva.com/security/advisories?name=MDVSA-2011:030 http://www.redhat.com/support/errata/RHSA-2011-0896.html http://www.redhat.com/support/errata/RHSA-2011-0791.html http://www.redhat.com/support/errata/RHSA-2011-0897.html http://securityreason.com/securityalert/8072 http://support.apple.com/kb/HT5002 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://secunia.com/advisories/45022 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html http://www.redhat.com/support/errata/RHSA-2011-1845.html http://marc.info/?l=bugtraq&m=132215163318824&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://www.debian.org/security/2011/dsa-2160 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/57126 http://marc.info/?l=bugtraq&m=130168502603566&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/65159 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517 http://www.securityfocus.com/archive/1/516211/100/0/threaded https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E https://access.redhat.com/errata/RHSA-2011:1845 https://usn.ubuntu.com/1097-1/https://nvd.nist.gov

CVE-2010-3718

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect