When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
http://www.securitytracker.com/id/1037143
http://www.securityfocus.com/bid/93943
http://www.debian.org/security/2016/dsa-3720
https://access.redhat.com/errata/RHSA-2017:2247
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:0455
http://rhn.redhat.com/errata/RHSA-2017-0457.html
https://security.netapp.com/advisory/ntap-20180605-0001/
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
Source: MITRE
Published: 2017-08-10
Updated: 2022-04-18
Type: NVD-CWE-noinfo
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 3.9
Severity: MEDIUM