Definition


HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS)

oval:org.mitre.oval:def:13969

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • HP-UX 11
Class:
vulnerability
Reference(s):
  • CVE-2010-3718
Product(s):