Vulnerabilities

CVE-2010-3718

by Fred · 10/02/2011

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Date published : 2011-02-10

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://www.securityfocus.com/bid/46177

Similar

Tags: Cybersecurity Alert