Description
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Remediation
References