CVE-2010-3718 — Path Traversal in Apache Tomcat

CWE-22 — Path Traversal9 documents7 sources

Severity

1.2LOWNVD

EPSS

0.3%

top 46.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedFeb 10

Latest updateMay 14

Description

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

CVSS vector

AV:L/AC:H/C:N/I:P/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat63 versions+62

🔴Vulnerability Details

OSV

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat↗2022-05-14

▶

GHSA

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat↗2022-05-14

▶

CVEList

CVE-2010-3718: Apache Tomcat 7↗2011-02-10

▶

📋Vendor Advisories

Ubuntu

Tomcat vulnerabilities↗2011-03-29

▶

Red Hat

tomcat: file permission bypass flaw↗2011-02-05

▶

💬Community

Bugzilla

CVE-2011-0013 CVE-2010-3718 CVE-2011-0534 tomcat6 various flaws [fedora-all]↗2011-02-07

▶

Bugzilla

CVE-2010-3718 tomcat: file permission bypass flaw↗2011-02-07

▶

Bugzilla

CVE-2011-0013 CVE-2010-3718 tomcat5 various flaws [fedora-all]↗2011-02-07

▶