Description
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Remediation
References
Related Vulnerabilities
Ruby on Rails Improper Access Control Vulnerability (CVE-2015-7577)
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2014-9634)
Oracle Database Server CVE-2015-4873 Vulnerability (CVE-2015-4873)
Envoy Proxy Reachable Assertion Vulnerability (CVE-2021-29258)
IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-4153)