Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?r1=1176588&r2=1176587&pathrev=1176588
http://svn.apache.org/viewvc?view=revision&revision=1176588
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/50603