CVSS2: 1.2 Low
Attack Vector: LOCAL
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N

EPSS: 0.002 Low
Percentile: 53.1%

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a
SecurityManager, does not make the ServletContext attribute read-only,
which allows local web applications to read or write files outside of the
intended working directory, as demonstrated using a directory traversal
attack.
archives.neohapsis.com/archives/fulldisclosure/2011-02/0074.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
launchpad.net/bugs/cve/CVE-2010-3718
nvd.nist.gov/vuln/detail/CVE-2010-3718
security-tracker.debian.org/tracker/CVE-2010-3718
ubuntu.com/security/notices/USN-1097-1
www.cve.org/CVERecord?id=CVE-2010-3718