Feb 10, 2011 - 6:00 p.m.

CVE-2010-3718

2011-02-10 18:00:00
NVD-CWE-Other
web.nvd.nist.gov
57
cve-2010-3718
apache tomcat
securitymanager
servletcontext
directory traversal attack
nvd

AI Score: 5.2 Medium (Confidence: High)

CVSS2: 1.2 Low

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

CVSS2 vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

EPSS: 0.002 Low (Percentile: 61.3%)

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
