Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | 7.0.0 (including) | 7.0.0 (including) |
Tomcat | Apache | 7.0.1 (including) | 7.0.1 (including) |
Tomcat | Apache | 7.0.2 (including) | 7.0.2 (including) |
Tomcat | Apache | 7.0.3 (including) | 7.0.3 (including) |