CVE-2016-0763 @ Maven-org.apache.tomcat:tomcat-catalina-7.0.27 #790
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-org.apache.tomcat:tomcat-catalina-7.0.27 in branch main
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
Namespace: cxronen
Repository: BookStore
Repository Url: https://github.com/cxronen/BookStore
CxAST-Project: cxronen/BookStore
CxAST platform scan: 207c1944-f9e8-4bbb-a51e-1235c29a4b44
Branch: main
Application: BookStore
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-264
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: LOW
Remediation Upgrade Recommendation: 7.0.109
References
Commit
The text was updated successfully, but these errors were encountered: