
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is vulnerable to multiple attack vectors.

Description

Versions of Tomcat 6.x earlier than 6.0.30 are potentially affected by multiple vulnerabilities:

- When running under a SecurityManager it is possible for a web application to gain read/write permissions to any area on the file system. (CVE-2010-3718)

- It is possible to conduct cross-site scripting attacks via the 'sort' and 'orderBy' parameters of the Manager application. (CVE-2010-4172)

- The HTML Manager interface displays web application provided data, such as display names, without filtering. (CVE-2011-0013)

Solution

Upgrade to Apache Tomcat 6.0.30 or later.
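Added example, not part of the Tenable plugin: a small inventory check that parses Tomcat version strings as collected from a Server header, an error-page footer or `version.sh` output, and flags hosts in the affected 6.0.x < 6.0.30 range. Host names and banners are constructed sample data; a bare "Apache-Coyote/1.1" header carries no version, so it is reported as unknown rather than as a finding.

```python
import re

# Affected range from the advisory: the 6.0 branch, fixed in 6.0.30.
AFFECTED_BRANCH = (6, 0)
FIXED_VERSION = (6, 0, 30)

# Matches "Apache Tomcat/6.0.29" as seen in Server headers, default error
# pages and "Server version: Apache Tomcat/6.0.29" from version.sh.
_VERSION_RE = re.compile(r"Apache Tomcat/?\s*(\d+)\.(\d+)\.(\d+)")


def parse_tomcat_version(banner: str):
    """Return (major, minor, patch) from a banner, or None if absent."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(banner: str) -> bool:
    """True when the banner reports a 6.0.x release earlier than 6.0.30."""
    v = parse_tomcat_version(banner)
    if v is None:
        return False  # unknown version: needs manual confirmation, not a hit
    if v[:2] != AFFECTED_BRANCH:
        return False  # other branches are outside this advisory's scope
    return v < FIXED_VERSION


def audit(banners):
    """Return the (host, banner) pairs that need the 6.0.30 upgrade."""
    return [(host, b) for host, b in banners if is_affected(b)]


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = [
    ("app1.example.internal", "Apache Tomcat/6.0.29"),
    ("app2.example.internal", "Server version: Apache Tomcat/6.0.30"),
    ("app3.example.internal", "Apache Tomcat/6.0.18"),
    ("app4.example.internal", "Apache Tomcat/7.0.5"),
    ("app5.example.internal", "Apache-Coyote/1.1"),  # no version exposed
]

if __name__ == "__main__":
    for host, banner in audit(SAMPLE):
        print(f"{host}: {banner} -> upgrade to Apache Tomcat 6.0.30 or later")
    for host, banner in SAMPLE:
        if parse_tomcat_version(banner) is None:
            print(f"{host}: version not disclosed in banner, verify locally")
```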