Описание
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Certificate System 7.3 | Other | Affected | ||
Red Hat Developer Suite v.3 | Platform | Affected | ||
Red Hat JBoss Enterprise Web Server 1 for RHEL 4 AS | tomcat | Affected | ||
Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server | tomcat | Affected | ||
JBEWS 1.0 for RHEL 4 | ant | Fixed | RHSA-2011:0897 | 22.06.2011 |
JBEWS 1.0 for RHEL 4 | antlr | Fixed | RHSA-2011:0897 | 22.06.2011 |
JBEWS 1.0 for RHEL 4 | bcel | Fixed | RHSA-2011:0897 | 22.06.2011 |
JBEWS 1.0 for RHEL 4 | cglib | Fixed | RHSA-2011:0897 | 22.06.2011 |
JBEWS 1.0 for RHEL 4 | dom4j | Fixed | RHSA-2011:0897 | 22.06.2011 |
JBEWS 1.0 for RHEL 4 | ecj | Fixed | RHSA-2011:0897 | 22.06.2011 |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ...
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
ELSA-2011-0791: tomcat6 security and bug fix update (MODERATE)
EPSS
4 Medium
CVSS2