Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?r1=1176588&r2=1176587&pathrev=1176588
http://svn.apache.org/viewvc?view=revision&revision=1176588
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/50603
Related Vulnerabilities
CVE-2021-37137 Vulnerability in maven package io.netty:netty-codec
CVE-2016-7051 Vulnerability in maven package com.fasterxml.jackson.dataformat:jackson-dataformat-xml
CVE-2023-45135 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war
CVE-2020-28271 Vulnerability in npm package deephas
CVE-2023-35925 Vulnerability in maven package com.fastasyncworldedit:fastasyncworldedit-bukkit