CVE-2010-3718

low

Apache

CVSS v3 Base Score

1.2

AV:L/AC:H/Au:N/C:N/I:P/A:N

EPSS Score

0.3%

Exploitation probability in 30 days

Top 46% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

High

Confidentiality

None

Integrity

Availability

None

Published: February 10, 2011 (5572 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.

CWE

NVD-CWE-Other

Affected Products

apache tomcat

References

🔗 lists.apple.com 🔗 lists.opensuse.org 🔗 marc.info 🔗 marc.info 🔗 marc.info

CVE-2010-3718

Vulnerability Report

Description

CWE

Affected Products

References