Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?r1=1176588&r2=1176587&pathrev=1176588
http://svn.apache.org/viewvc?view=revision&revision=1176588
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/50603
Related Vulnerabilities
CVE-2020-11023 Vulnerability in maven package org.webjars.npm:jquery
CVE-2021-29620 Vulnerability in maven package com.epam.reportportal:service-api
CVE-2020-15231 Vulnerability in maven package org.mapfish.print:print-lib
CVE-2023-38690 Vulnerability in npm package matrix-appservice-irc
CVE-2018-20834 Vulnerability in maven package org.webjars:tar