1.2 CVE-2010-3718

Apache Tomcat 7.0.0 a 7.0.3, 6.0.x e 5.5.x, quando executado em um SecurityManager, não torna o atributo ServletContext somente leitura, o que permite que aplicativos da web locais leiam ou gravem arquivos fora do funcionamento pretendido diretório, conforme demonstrado usando um ataque de passagem de diretório.
https://nvd.nist.gov/vuln/detail/CVE-2010-3718

Categorias

CWE-NVD-Other

Referências

APPLE

APPLE-SA-2011-10-12-3

BID

46177

BUGTRAQ

20110205 [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions

CONFIRM

http://support.apple.com/kb/HT5002
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html

DEBIAN

DSA-2160

HP

SSRT100627
HPSBUX02860
HPSBST02955
HPSBUX02645

MANDRIVA

MDVSA-2011:030

MISC

http://tomcat.apache.org/security-6.html Vendor Advisory
http://tomcat.apache.org/security-5.html Vendor Advisory
http://tomcat.apache.org/security-7.html Vendor Advisory
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

OVAL

oval:org.mitre.oval:def:19379
oval:org.mitre.oval:def:13969
oval:org.mitre.oval:def:12517

REDHAT

RHSA-2011:0896
RHSA-2011:0791
RHSA-2011:0897
RHSA-2011:1845

SECTRACK

1025025

SECUNIA

43192 Vendor Advisory
45022
57126

SREASON

8072

SUSE

SUSE-SR:2011:005

XF

tomcat-servletcontect-sec-bypass(65159)

CPE

cpe	começar	fim
Configuration 1
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
Configuration 2
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*
Configuration 3
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.28:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:5.5.30:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.32:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:5.5.29:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*

REMEDIAÇÃO

EXPLOITS

Exploit-db.com

id	descrição	datado
Nenhum exploit conhecido

Outros (github, ...)

Url
Nenhum exploit conhecido

CAPEC

Common Attack Pattern Enumerations and Classifications

id	descrição	gravidade
Entrada proibida

MITRE

Sherlock® flash

Tire uma foto da sua rede informática em poucos cliques !

A solução de auditoria Sherlock® flash permite-lhe realizar uma auditoria para reforçar a segurança dos seus activos informáticos. Vulnerabilidade do seu equipamento físico e virtual. Planeamento de correcções por nível de prioridade e tempo disponível. Relatórios detalhados e intuitivos.

Descubra esta oferta

Sherlock® flash: 1ª solução instantânea de auditoria cibernética de segurança

cpe	começar	fim
Configuration 1
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
Configuration 2
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*
Configuration 3
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.28:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:5.5.30:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.32:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:5.5.29:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*