Описание
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 7.0.22-1 |
| hardy | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | released | 7.0.21-1ubuntu0.1 |
| precise | not-affected | 7.0.22-1 |
| quantal | not-affected | 7.0.22-1 |
| upstream | released | 7.0.22-1 |
Показывать по
Ссылки на источники
EPSS
4.4 Medium
CVSS2
Связанные уязвимости
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
EPSS
4.4 Medium
CVSS2