Apache Tomcat 7.0.x < 7.0.4 File Permission Bypass Vulnerability
Low Log Correlation Engine Plugin ID 800608
SynopsisThe remote web server is affected by a security bypass vulnerability.
DescriptionVersions of Tomcat 7.0.x earlier than 7.0.4 are potentially affected by a security bypass vulnerability. When running under a SecurityManager, it is possible to grant a web application read/write permissions to any area on the file system.
SolutionUpgrade to Apache Tomcat 7.0.4 or later.