CVE-2010-3718

Name	CVE-2010-3718
Description	Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-2160-1
NVD severity	low (attack range: local)
Debian Bugs	612257

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
tomcat6 (PTS)	jessie (security), jessie	6.0.45+dfsg-1~deb8u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
tomcat5.5	source	(unstable)	(unfixed)	low
tomcat6	source	(unstable)	6.0.28-10	low		612257
tomcat6	source	lenny	(not affected)
tomcat6	source	squeeze	6.0.28-9+squeeze1	low	DSA-2160-1

[lenny] - tomcat5.5 <no-dsa> (Minor issue)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)