CVE-2010-3718

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Published Bysecalert@redhat.com

Published DateFeb 10, 2011, 18:00

Affected Versions(3)

org.apache.tomcat:tomcat(Maven)

Introduced7.0.0

Fixed7.0.4

LimitN/A

org.apache.tomcat:tomcat(Maven)

Introduced6.0.0

Fixed6.0.30

LimitN/A

org.apache.tomcat:tomcat(Maven)

Introduced5.5.0

Fixed5.5.30

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.tomcat:tomcat(Maven)	7.0.0	7.0.4	N/A
org.apache.tomcat:tomcat(Maven)	6.0.0	6.0.30	N/A
org.apache.tomcat:tomcat(Maven)	5.5.0	5.5.30	N/A

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

1.2

Vector String

AV:L/AC:H/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE

References

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

1.2

Vector String

AV:L/AC:H/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE