Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?r1=1176588&r2=1176587&pathrev=1176588
http://svn.apache.org/viewvc?view=revision&revision=1176588
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/50603
Related Vulnerabilities
CVE-2023-39522 Vulnerability in npm package @goauthentik/api
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-service
CVE-2021-3803 Vulnerability in npm package nth-check
CVE-2023-35153 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2014-0086 Vulnerability in maven package org.richfaces.core:richfaces-core-impl