Description
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| Release | Status | Note |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | ignored | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | |
| Release | Status | Note |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 6.0.28-10 |
| hardy | DNE | |
| karmic | released | 6.0.20-2ubuntu2.4 |
| lucid | released | 6.0.24-2ubuntu1.7 |
| maverick | released | 6.0.28-2ubuntu1.2 |
| natty | not-affected | 6.0.28-10 |
| upstream | released | 6.0.28-10 |
EPSS
1.2 Low
CVSS2
Related vulnerabilities
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running with ...
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
ELSA-2011-0791: tomcat6 security and bug fix update (MODERATE)