Description

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

Remediation

References

http://svn.apache.org/viewvc?view=revision&revision=1725931

http://svn.apache.org/viewvc?view=revision&revision=1725929

http://tomcat.apache.org/security-8.html

http://tomcat.apache.org/security-9.html

http://tomcat.apache.org/security-7.html

http://seclists.org/bugtraq/2016/Feb/147

http://svn.apache.org/viewvc?view=revision&revision=1725926

http://www.debian.org/security/2016/dsa-3530

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

http://www.debian.org/security/2016/dsa-3609

http://www.ubuntu.com/usn/USN-3024-1

http://www.debian.org/security/2016/dsa-3552

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755

http://www.securityfocus.com/bid/83326

https://access.redhat.com/errata/RHSA-2016:1087

http://rhn.redhat.com/errata/RHSA-2016-1089.html

https://access.redhat.com/errata/RHSA-2016:1088

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html

https://bto.bluecoat.com/security-advisory/sa118

http://www.securitytracker.com/id/1035069

https://security.gentoo.org/glsa/201705-09

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://rhn.redhat.com/errata/RHSA-2016-2808.html

http://rhn.redhat.com/errata/RHSA-2016-2807.html

http://rhn.redhat.com/errata/RHSA-2016-2599.html

https://security.netapp.com/advisory/ntap-20180531-0001/

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2018-3821 Vulnerability in npm package kibana

CVE-2018-6873 Vulnerability in npm package auth0-js

CVE-2023-31007 Vulnerability in maven package org.apache.pulsar:pulsar-broker

CVE-2022-45855 Vulnerability in maven package org.apache.ambari:ambari

CVE-2019-1003050 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Vendor Advisory