Apache Tomcat 7.0.x < 7.0.4 File Permission Bypass Vulnerability
Low Nessus Network Monitor Plugin ID 5792
SynopsisThe remote web server is affected by a security bypass vulnerability.
DescriptionVersions of Tomcat 7.0.x earlier than 7.0.4 are potentially affected by a security bypass vulnerability. When running under a SecurityManager, it is possible to grant a web application read/write permissions to any area on the file system.
SolutionUpgrade to Apache Tomcat 7.0.4 or later.