The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x prior to 7.0.68, 8.x prior to 8.0.31, and 9.x prior to 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

Vulnerable Product |
---|
debian debian linux 8.0 |
debian debian linux 7.0 |
apache tomcat 7.0.2 |
apache tomcat 8.0.30 |
apache tomcat 7.0.12 |
apache tomcat 7.0.62 |
apache tomcat 8.0.17 |
apache tomcat 7.0.53 |
apache tomcat 7.0.20 |
apache tomcat 7.0.34 |
apache tomcat 8.0.26 |
apache tomcat 7.0.55 |
apache tomcat 7.0.4 |
apache tomcat 7.0.63 |
apache tomcat 8.0.20 |
apache tomcat 7.0.22 |
apache tomcat 7.0.39 |
apache tomcat 7.0.26 |
apache tomcat 7.0.28 |
apache tomcat 8.0.1 |
apache tomcat 8.0.0 |
apache tomcat 7.0.59 |
apache tomcat 7.0.65 |
apache tomcat 7.0.50 |
apache tomcat 7.0.6 |
apache tomcat 8.0.12 |
apache tomcat 7.0.14 |
apache tomcat 8.0.27 |
apache tomcat 8.0.15 |
apache tomcat 7.0.11 |
apache tomcat 7.0.67 |
apache tomcat 7.0.23 |
apache tomcat 7.0.0 |
apache tomcat 8.0.22 |
apache tomcat 8.0.29 |
apache tomcat 7.0.52 |
apache tomcat 7.0.42 |
apache tomcat 7.0.37 |
apache tomcat 7.0.29 |
apache tomcat 8.0.11 |
apache tomcat 8.0.24 |
apache tomcat 8.0.23 |
apache tomcat 7.0.47 |
apache tomcat 7.0.5 |
apache tomcat 8.0.21 |
apache tomcat 7.0.41 |
apache tomcat 7.0.30 |
apache tomcat 7.0.19 |
apache tomcat 7.0.16 |
apache tomcat 7.0.10 |
apache tomcat 8.0.18 |
apache tomcat 7.0.25 |
apache tomcat 7.0.54 |
apache tomcat 7.0.35 |
apache tomcat 7.0.61 |
apache tomcat 8.0.3 |
apache tomcat 7.0.57 |
apache tomcat 8.0.14 |
apache tomcat 7.0.32 |
apache tomcat 7.0.21 |
apache tomcat 7.0.27 |
apache tomcat 7.0.40 |
apache tomcat 7.0.56 |
apache tomcat 8.0.28 |
apache tomcat 7.0.64 |
apache tomcat 7.0.33 |
apache tomcat 9.0.0 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 14.04 |