CVE-2010-3718

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 7.0.0 through 7.0.3 Apache Tomcat version 6.0.x Apache Tomcat version 5.5.x

Description The issue allows local web applications to read or write files outside of the intended working directory when running within a SecurityManager. This is due to the ServletContext attribute not being made read-only, which can be exploited using a directory traversal attack. When running under a SecurityManager, access to the file system is limited, but web applications are granted read/write permissions to the work directory. A malicious web application may modify the ServletContext attribute to grant read/write permissions to any area on the file system.

Recommendations For Apache Tomcat versions 7.0.0 through 7.0.3, consider restricting access to the work directory to minimize the risk of exploitation. For Apache Tomcat version 6.0.x, restrict access to the work directory to prevent malicious web applications from modifying the ServletContext attribute. For Apache Tomcat version 5.5.x, limit the permissions granted to web applications to prevent them from accessing unauthorized areas of the file system. As a temporary workaround, consider disabling the writing of files to the work directory until a patch is available.