// For flags

CVE-2010-3718

tomcat: file permission bypass flaw

Severity Score

2.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Apache Tomcat v7.0.0 hasta v7.0.3, v6.0.x, y v5.5.x, cuando se ejecuta dentro de un SecurityManager no tiene el atributo ServletContext de sólo lectura, lo que permite a las aplicaciones web locales leer y escribir archivos fuera del directorio de trabajo previsto, como se ha demostrado mediante un ataque de salto de directorio.

Multiple vulnerabilities has been found and corrected in tomcat5. When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContect attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments. The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-10-01 CVE Reserved
  • 2011-02-05 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-06-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (34)
URL Tag Source
http://secunia.com/advisories/45022 Third Party Advisory
http://secunia.com/advisories/57126 Third Party Advisory
http://securityreason.com/securityalert/8072 Third Party Advisory
http://support.apple.com/kb/HT5002 X_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html X_refsource_confirm
http://www.securityfocus.com/archive/1/516211/100/0/threaded Mailing List
http://www.securityfocus.com/bid/46177 Vdb Entry
http://www.securitytracker.com/id?1025025 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/65159 Vdb Entry
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html 2023-02-13
http://marc.info/?l=bugtraq&m=130168502603566&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=132215163318824&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=136485229118404&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=139344343412337&w=2 2023-02-13
http://secunia.com/advisories/43192 2023-02-13
http://tomcat.apache.org/security-5.html 2023-02-13
http://tomcat.apache.org/security-6.html 2023-02-13
http://tomcat.apache.org/security-7.html 2023-02-13
http://www.debian.org/security/2011/dsa-2160 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0791.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0896.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0897.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-1845.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2010-3718 2011-12-20
https://bugzilla.redhat.com/show_bug.cgi?id=675792 2011-12-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.0
Search vendor "Apache" for product "Tomcat" and version "7.0.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.1
Search vendor "Apache" for product "Tomcat" and version "7.0.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.2
Search vendor "Apache" for product "Tomcat" and version "7.0.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.3
Search vendor "Apache" for product "Tomcat" and version "7.0.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0
Search vendor "Apache" for product "Tomcat" and version "6.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.0
Search vendor "Apache" for product "Tomcat" and version "6.0.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.1
Search vendor "Apache" for product "Tomcat" and version "6.0.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.2
Search vendor "Apache" for product "Tomcat" and version "6.0.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.3
Search vendor "Apache" for product "Tomcat" and version "6.0.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.4
Search vendor "Apache" for product "Tomcat" and version "6.0.4"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.5
Search vendor "Apache" for product "Tomcat" and version "6.0.5"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.6
Search vendor "Apache" for product "Tomcat" and version "6.0.6"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.7
Search vendor "Apache" for product "Tomcat" and version "6.0.7"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.8
Search vendor "Apache" for product "Tomcat" and version "6.0.8"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.9
Search vendor "Apache" for product "Tomcat" and version "6.0.9"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.10
Search vendor "Apache" for product "Tomcat" and version "6.0.10"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.11
Search vendor "Apache" for product "Tomcat" and version "6.0.11"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.12
Search vendor "Apache" for product "Tomcat" and version "6.0.12"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.13
Search vendor "Apache" for product "Tomcat" and version "6.0.13"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.14
Search vendor "Apache" for product "Tomcat" and version "6.0.14"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.15
Search vendor "Apache" for product "Tomcat" and version "6.0.15"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.16
Search vendor "Apache" for product "Tomcat" and version "6.0.16"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.17
Search vendor "Apache" for product "Tomcat" and version "6.0.17"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.18
Search vendor "Apache" for product "Tomcat" and version "6.0.18"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.19
Search vendor "Apache" for product "Tomcat" and version "6.0.19"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.20
Search vendor "Apache" for product "Tomcat" and version "6.0.20"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.24
Search vendor "Apache" for product "Tomcat" and version "6.0.24"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.26
Search vendor "Apache" for product "Tomcat" and version "6.0.26"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.27
Search vendor "Apache" for product "Tomcat" and version "6.0.27"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.28
Search vendor "Apache" for product "Tomcat" and version "6.0.28"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.29
Search vendor "Apache" for product "Tomcat" and version "6.0.29"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.0
Search vendor "Apache" for product "Tomcat" and version "5.5.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.1
Search vendor "Apache" for product "Tomcat" and version "5.5.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.2
Search vendor "Apache" for product "Tomcat" and version "5.5.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.3
Search vendor "Apache" for product "Tomcat" and version "5.5.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.4
Search vendor "Apache" for product "Tomcat" and version "5.5.4"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.5
Search vendor "Apache" for product "Tomcat" and version "5.5.5"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.6
Search vendor "Apache" for product "Tomcat" and version "5.5.6"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.7
Search vendor "Apache" for product "Tomcat" and version "5.5.7"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.8
Search vendor "Apache" for product "Tomcat" and version "5.5.8"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.9
Search vendor "Apache" for product "Tomcat" and version "5.5.9"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.10
Search vendor "Apache" for product "Tomcat" and version "5.5.10"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.11
Search vendor "Apache" for product "Tomcat" and version "5.5.11"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.12
Search vendor "Apache" for product "Tomcat" and version "5.5.12"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.13
Search vendor "Apache" for product "Tomcat" and version "5.5.13"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.14
Search vendor "Apache" for product "Tomcat" and version "5.5.14"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.15
Search vendor "Apache" for product "Tomcat" and version "5.5.15"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.16
Search vendor "Apache" for product "Tomcat" and version "5.5.16"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.17
Search vendor "Apache" for product "Tomcat" and version "5.5.17"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.18
Search vendor "Apache" for product "Tomcat" and version "5.5.18"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.19
Search vendor "Apache" for product "Tomcat" and version "5.5.19"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.20
Search vendor "Apache" for product "Tomcat" and version "5.5.20"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.21
Search vendor "Apache" for product "Tomcat" and version "5.5.21"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.22
Search vendor "Apache" for product "Tomcat" and version "5.5.22"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.23
Search vendor "Apache" for product "Tomcat" and version "5.5.23"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.24
Search vendor "Apache" for product "Tomcat" and version "5.5.24"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.25
Search vendor "Apache" for product "Tomcat" and version "5.5.25"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.26
Search vendor "Apache" for product "Tomcat" and version "5.5.26"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.27
Search vendor "Apache" for product "Tomcat" and version "5.5.27"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.28
Search vendor "Apache" for product "Tomcat" and version "5.5.28"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.29
Search vendor "Apache" for product "Tomcat" and version "5.5.29"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.30
Search vendor "Apache" for product "Tomcat" and version "5.5.30"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.32
Search vendor "Apache" for product "Tomcat" and version "5.5.32"
-
Affected