Back to search
CVE-2010-3718
Published: Feb 10, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
46177
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:13969
vdb-entry
signature
x_refsource_OVAL
20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions
mailing-list
x_refsource_BUGTRAQ
8072
third-party-advisory
x_refsource_SREASON
http://tomcat.apache.org/security-6.html
x_refsource_MISC
HPSBUX02860
vendor-advisory
x_refsource_HP
45022
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:1845
vendor-advisory
x_refsource_REDHAT
SUSE-SR:2011:005
vendor-advisory
x_refsource_SUSE
SSRT100627
vendor-advisory
x_refsource_HP
tomcat-servletcontect-sec-bypass(65159)
vdb-entry
x_refsource_XF
APPLE-SA-2011-10-12-3
vendor-advisory
x_refsource_APPLE
MDVSA-2011:030
vendor-advisory
x_refsource_MANDRIVA
oval:org.mitre.oval:def:19379
vdb-entry
signature
x_refsource_OVAL
RHSA-2011:0897
vendor-advisory
x_refsource_REDHAT
57126
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0791
vendor-advisory
x_refsource_REDHAT
43192
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0896
vendor-advisory
x_refsource_REDHAT
DSA-2160
vendor-advisory
x_refsource_DEBIAN
1025025
vdb-entry
x_refsource_SECTRACK
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
HPSBUX02725
vendor-advisory
x_refsource_HP
SSRT101146
vendor-advisory
x_refsource_HP
http://tomcat.apache.org/security-5.html
x_refsource_MISC
oval:org.mitre.oval:def:12517
vdb-entry
signature
x_refsource_OVAL
HPSBUX02645
vendor-advisory
x_refsource_HP
HPSBST02955
vendor-advisory
x_refsource_HP
http://tomcat.apache.org/security-7.html
x_refsource_MISC
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now