Description
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
Remediation
References