Directory Traversal Vulnerability in Apache Tomcat

Directory Traversal Vulnerability in Apache Tomcat

CVE-2010-3718 · LOW Severity

AV:L/AC:H/AU:N/C:N/I:P/A:N

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Learn more about our Cis Benchmark Audit For Apache Tomcat.