1.2 CVE-2010-3718
Apache Tomcat 7.0.0 a 7.0.3, 6.0.xy 5.5.x, cuando se ejecuta dentro de un SecurityManager, no hace que el atributo ServletContext sea de solo lectura, lo que permite que las aplicaciones web locales lean o escriban archivos fuera del lugar de trabajo previsto. directorio, como se demostró usando un ataque transversal de directorio.
https://nvd.nist.gov/vuln/detail/CVE-2010-3718
Categorías
CWE-NVD-Other
Referencias
APPLE
BID
BUGTRAQ
CONFIRM
http://support.apple.com/kb/HT5002 |
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html |
DEBIAN
HP
MANDRIVA
MISC
OVAL
REDHAT
SECTRACK
SECUNIA
SREASON
SUSE
XF
CPE
cpe | iniciar | fin |
---|---|---|
Configuration 1 | ||
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* | ||
Configuration 2 | ||
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* | ||
Configuration 3 | ||
cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:* | ||
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:* |
REMEDIACIÓN
EXPLOTA
Exploit-db.com
id | descripción | fecha | |
---|---|---|---|
No hay exploits conocidos |
Otros (github, ...)
Url |
---|
No hay exploits conocidos |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | descripción | gravedad |
---|---|---|
No hay entrada |
MITRE
Sherlock® flash
Haz una foto de tu red informática en unos pocos clics !
La solución de auditoría Sherlock® flash le permite realizar una auditoría para reforzar la seguridad de sus activos informáticos. Escaneo de vulnerabilidad de sus equipos físicos y virtuales. Planificación de parches por nivel de prioridad y tiempo disponible. Informes detallados e intuitivos.
