| Revision Date: | 2015-04-20 | Version: | 28 | | Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | | Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | | Family: | unix | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2010-3718
| | Platform(s): | HP-UX 11
| Product(s): | | | Definition Synopsis | | platforms HP-UX B.11.23
OR HP-UX B.11.31
AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.34.01
|
|