Description
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, and 6.0.0 to 6.0.45, a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.