CVE-2010-3718

Published: 05 Feb 2011
Source: redhat
CVSS2: 4
EPSS: Low

Description

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Certificate System 7.3 | Other | Affected | |
Red Hat Developer Suite v.3 | Platform | Affected | |
Red Hat JBoss Enterprise Web Server 1 for RHEL 4 AS | tomcat | Affected | |
Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server | tomcat | Affected | |
JBEWS 1.0 for RHEL 4 | ant | Fixed | RHSA-2011:0897 | 22.06.2011
JBEWS 1.0 for RHEL 4 | antlr | Fixed | RHSA-2011:0897 | 22.06.2011
JBEWS 1.0 for RHEL 4 | bcel | Fixed | RHSA-2011:0897 | 22.06.2011
JBEWS 1.0 for RHEL 4 | cglib | Fixed | RHSA-2011:0897 | 22.06.2011
JBEWS 1.0 for RHEL 4 | dom4j | Fixed | RHSA-2011:0897 | 22.06.2011
JBEWS 1.0 for RHEL 4 | ecj | Fixed | RHSA-2011:0897 | 22.06.2011

Additional information

Status:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=675792 tomcat: file permission bypass flaw

EPSS

Percentile: 48%
0.00249
Low

4 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 14 years ago

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

nvd
more than 14 years ago

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

debian
more than 14 years ago

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ...

github
about 3 years ago

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

oracle-oval
about 14 years ago

ELSA-2011-0791: tomcat6 security and bug fix update (MODERATE)
