15 matches found
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
GHSA-FJ6C-PRGJ-GR3R Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request. See CWE-402: Transmission of Private...
Local Temp Directory Hijacking Vulnerability
Impact: On Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the...
GHSA-G3WG-6MCF-8JJ6 Local Temp Directory Hijacking Vulnerability
Impact: On Unix-like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the...
Directory Traversal
Tomcat is vulnerable to directory traversal. The methods getResource, getResourceAsStream, and getResourcePaths in ServletContext do not correctly validate that the paths given to them do not contain "/..". However the impact of the directory traversal is limited as "/../" is rejected. This allow...
Apache Tomcat 6.0.x < 6.0.45 / 7.0.x < 7.0.65 / 8.0.x < 8.0.27 Directory Traversal
Apache Tomcat Limited Directory Traversal Vulnerability (Feb 2016) - Windows
Apache Tomcat is prone to a limited directory traversal vulnerability.
STRUTS2 framework getClassLoader exploit-vulnerability warning-the black bar safety net
by emptiness prodigal heart http://www.inbreak.net Twitter: http://t.qq.com/javasecurity Summary: In 2012, in "Attack JAVA WEB", I mentioned "the classLoader that caused a DoS vulnerability under a particular environment", but gave no more in-depth explanation at the time, these...
Apache Tomcat 7.0.x < 7.0.4 SecurityManager Local Security Bypass
Apache Tomcat 7.0.0 < 7.0.4
The version of Tomcat installed on the remote host is prior to 7.0.4. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.4_security-7 advisory. - Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
CVE-2010-3718
CVE-2010-3718 affects Apache Tomcat 7.0.0–7.0.3, 6.0.x, and 5.5.x when running under a SecurityManager. The vulnerability is that ServletContext attributes are not made read-only, allowing local web applications to read or write files outside the intended working directory via a directory travers...
CVE-2010-3718
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attac...
PT-2011-1433 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.3; Apache Tomcat version 6.0.x; Apache Tomcat version 5.5.x. Description: The issue allows local web applications to read or write files outside of the intended working directory when running within a...