// For flags

CVE-2010-3718

tomcat: file permission bypass flaw

Severity Score

1.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

Apache Tomcat v7.0.0 hasta v7.0.3, v6.0.x, y v5.5.x, cuando se ejecuta dentro de un SecurityManager no tiene el atributo ServletContext de sólo lectura, lo que permite a las aplicaciones web locales leer y escribir archivos fuera del directorio de trabajo previsto, como se ha demostrado mediante un ataque de salto de directorio.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-10-01 CVE Reserved
  • 2011-02-05 CVE Published
  • 2024-05-26 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (34)
URL Tag Source
http://secunia.com/advisories/45022 Third Party Advisory
http://secunia.com/advisories/57126 Third Party Advisory
http://securityreason.com/securityalert/8072 Third Party Advisory
http://support.apple.com/kb/HT5002 X_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html X_refsource_confirm
http://www.securityfocus.com/archive/1/516211/100/0/threaded Mailing List
http://www.securityfocus.com/bid/46177 Vdb Entry
http://www.securitytracker.com/id?1025025 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/65159 Vdb Entry
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12517 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13969 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19379 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html 2023-02-13
http://marc.info/?l=bugtraq&m=130168502603566&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=132215163318824&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=136485229118404&w=2 2023-02-13
http://marc.info/?l=bugtraq&m=139344343412337&w=2 2023-02-13
http://secunia.com/advisories/43192 2023-02-13
http://tomcat.apache.org/security-5.html 2023-02-13
http://tomcat.apache.org/security-6.html 2023-02-13
http://tomcat.apache.org/security-7.html 2023-02-13
http://www.debian.org/security/2011/dsa-2160 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2011:030 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0791.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0896.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-0897.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2011-1845.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2010-3718 2011-12-20
https://bugzilla.redhat.com/show_bug.cgi?id=675792 2011-12-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.0
Search vendor "Apache" for product "Tomcat" and version "7.0.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.1
Search vendor "Apache" for product "Tomcat" and version "7.0.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.2
Search vendor "Apache" for product "Tomcat" and version "7.0.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 7.0.3
Search vendor "Apache" for product "Tomcat" and version "7.0.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0
Search vendor "Apache" for product "Tomcat" and version "6.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.0
Search vendor "Apache" for product "Tomcat" and version "6.0.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.1
Search vendor "Apache" for product "Tomcat" and version "6.0.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.2
Search vendor "Apache" for product "Tomcat" and version "6.0.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.3
Search vendor "Apache" for product "Tomcat" and version "6.0.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.4
Search vendor "Apache" for product "Tomcat" and version "6.0.4"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.5
Search vendor "Apache" for product "Tomcat" and version "6.0.5"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.6
Search vendor "Apache" for product "Tomcat" and version "6.0.6"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.7
Search vendor "Apache" for product "Tomcat" and version "6.0.7"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.8
Search vendor "Apache" for product "Tomcat" and version "6.0.8"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.9
Search vendor "Apache" for product "Tomcat" and version "6.0.9"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.10
Search vendor "Apache" for product "Tomcat" and version "6.0.10"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.11
Search vendor "Apache" for product "Tomcat" and version "6.0.11"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.12
Search vendor "Apache" for product "Tomcat" and version "6.0.12"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.13
Search vendor "Apache" for product "Tomcat" and version "6.0.13"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.14
Search vendor "Apache" for product "Tomcat" and version "6.0.14"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.15
Search vendor "Apache" for product "Tomcat" and version "6.0.15"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.16
Search vendor "Apache" for product "Tomcat" and version "6.0.16"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.17
Search vendor "Apache" for product "Tomcat" and version "6.0.17"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.18
Search vendor "Apache" for product "Tomcat" and version "6.0.18"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.19
Search vendor "Apache" for product "Tomcat" and version "6.0.19"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.20
Search vendor "Apache" for product "Tomcat" and version "6.0.20"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.24
Search vendor "Apache" for product "Tomcat" and version "6.0.24"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.26
Search vendor "Apache" for product "Tomcat" and version "6.0.26"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.27
Search vendor "Apache" for product "Tomcat" and version "6.0.27"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.28
Search vendor "Apache" for product "Tomcat" and version "6.0.28"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 6.0.29
Search vendor "Apache" for product "Tomcat" and version "6.0.29"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.0
Search vendor "Apache" for product "Tomcat" and version "5.5.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.1
Search vendor "Apache" for product "Tomcat" and version "5.5.1"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.2
Search vendor "Apache" for product "Tomcat" and version "5.5.2"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.3
Search vendor "Apache" for product "Tomcat" and version "5.5.3"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.4
Search vendor "Apache" for product "Tomcat" and version "5.5.4"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.5
Search vendor "Apache" for product "Tomcat" and version "5.5.5"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.6
Search vendor "Apache" for product "Tomcat" and version "5.5.6"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.7
Search vendor "Apache" for product "Tomcat" and version "5.5.7"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.8
Search vendor "Apache" for product "Tomcat" and version "5.5.8"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.9
Search vendor "Apache" for product "Tomcat" and version "5.5.9"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.10
Search vendor "Apache" for product "Tomcat" and version "5.5.10"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.11
Search vendor "Apache" for product "Tomcat" and version "5.5.11"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.12
Search vendor "Apache" for product "Tomcat" and version "5.5.12"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.13
Search vendor "Apache" for product "Tomcat" and version "5.5.13"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.14
Search vendor "Apache" for product "Tomcat" and version "5.5.14"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.15
Search vendor "Apache" for product "Tomcat" and version "5.5.15"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.16
Search vendor "Apache" for product "Tomcat" and version "5.5.16"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.17
Search vendor "Apache" for product "Tomcat" and version "5.5.17"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.18
Search vendor "Apache" for product "Tomcat" and version "5.5.18"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.19
Search vendor "Apache" for product "Tomcat" and version "5.5.19"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.20
Search vendor "Apache" for product "Tomcat" and version "5.5.20"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.21
Search vendor "Apache" for product "Tomcat" and version "5.5.21"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.22
Search vendor "Apache" for product "Tomcat" and version "5.5.22"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.23
Search vendor "Apache" for product "Tomcat" and version "5.5.23"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.24
Search vendor "Apache" for product "Tomcat" and version "5.5.24"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.25
Search vendor "Apache" for product "Tomcat" and version "5.5.25"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.26
Search vendor "Apache" for product "Tomcat" and version "5.5.26"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.27
Search vendor "Apache" for product "Tomcat" and version "5.5.27"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.28
Search vendor "Apache" for product "Tomcat" and version "5.5.28"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.29
Search vendor "Apache" for product "Tomcat" and version "5.5.29"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.30
Search vendor "Apache" for product "Tomcat" and version "5.5.30"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.5.32
Search vendor "Apache" for product "Tomcat" and version "5.5.32"
-
Affected