Apache Tomcat SecurityManager Security Bypass Vulnerability

Bugtraq ID: 46177
Class: Input Validation Error
CVE: CVE-2010-3718
Remote: Yes
Local: No
Published: Feb 05 2011 12:00AM
Updated: Apr 13 2015 10:24PM
Credit: Tomcat security team
Vulnerable: Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 ARM
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 11 Express
Sun Solaris 10_x86
Sun Solaris 10_sparc
Redhat JBoss Enterprise Web Server for Windows 1.0
Redhat JBoss Enterprise Web Server for Solaris 1.0
Redhat JBoss Enterprise Web Server for RHEL 6 1.0
Redhat JBoss Enterprise Web Server for RHEL 5 Server 1.0
Redhat JBoss Enterprise Web Server for RHEL 4 ES 1.0
Redhat JBoss Enterprise Web Server for RHEL 4 AS 1.0
Redhat JBoss Enterprise Web Server EL4 0
Redhat JBoss Enterprise Web Server 5.0
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Oracle Enterprise Linux 5
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2010.0 x86_64
Mandriva Linux Mandrake 2010.0
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
IBM WebSphere Application Server Community Edition 2.1.1.5
HP XP P9000 Performance Advisor 5.4.1
HP HP-UX Web Server Suite 3.22
HP HP-UX Web Server Suite 3.21
HP HP-UX Web Server Suite 3.18
HP HP-UX Web Server Suite 3.17
HP HP-UX Web Server Suite 3.13
HP HP-UX Web Server Suite 3.12
HP HP-UX Web Server Suite 3.10
HP HP-UX Web Server Suite 2.32
HP HP-UX Web Server Suite 2.31
HP HP-UX B.11.31
HP HP-UX B.11.11
Gentoo Linux
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
CTERA Networks CTERA Portal 3.1
Blue Coat Systems Intelligence Center 3.2.1
Blue Coat Systems Intelligence Center 3.1.2
Blue Coat Systems Intelligence Center 3.1.1
Blue Coat Systems Intelligence Center 2.1.2
Blue Coat Systems Intelligence Center 2.1.1
Blue Coat Systems Intelligence Center 2.1
Blue Coat Systems Intelligence Center 2.0.1
Blue Coat Systems Intelligence Center 2.0
Blue Coat Systems Intelligence Center 3.2
Blue Coat Systems Intelligence Center 3.1
Avaya Interactive Response 4.0
Avaya Interactive Response 3.0
Avaya Aura System Manager 6.1.3
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.1
Apple Mac OS X Server 10.6.6
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.4
Apple Mac OS X Server 10.6.3
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.6.8
Apple Mac OS X Server 10.6.7
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.6
Apple Mac OS X 10.6.5
Apple Mac OS X 10.6.5
Apple Mac OS X 10.6.4
Apple Mac OS X 10.6.3
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.6.8
Apple Mac OS X 10.6.7
Apple Mac OS X 10.6
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0 beta
Apache Tomcat 7.0
Apache Tomcat 6.0.29
Apache Tomcat 6.0.28
Apache Tomcat 6.0.27
Apache Tomcat 6.0.26
Apache Tomcat 6.0.25
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.18
Apache Tomcat 6.0.17
Apache Tomcat 6.0.16
Apache Tomcat 6.0.15
Apache Tomcat 6.0.14
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.7
Apache Tomcat 6.0.6
Apache Tomcat 6.0.5
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 6.0
Apache Tomcat 5.5.29
Apache Tomcat 5.5.28
Apache Tomcat 5.5.27
Apache Tomcat 5.5.26
Apache Tomcat 5.5.25
Apache Tomcat 5.5.24
Apache Tomcat 5.5.23
Apache Tomcat 5.5.22
Apache Tomcat 5.5.21
Apache Tomcat 5.5.20
Apache Tomcat 5.5.19
Apache Tomcat 5.5.18
Apache Tomcat 5.5.17
Apache Tomcat 5.5.16
Apache Tomcat 5.5.15
Apache Tomcat 5.5.14
Apache Tomcat 5.5.13
Apache Tomcat 5.5.12
Apache Tomcat 5.5.11
Apache Tomcat 5.5.10
Apache Tomcat 5.5.9
Apache Tomcat 5.5.8
Apache Tomcat 5.5.7
Apache Tomcat 5.5.6
Apache Tomcat 5.5.5
Apache Tomcat 5.5.4
Apache Tomcat 5.5.3
Apache Tomcat 5.5.2
Apache Tomcat 5.5.1
Apache Tomcat 5.5
Apache Tomcat 7.0
Apache Tomcat 6.0.29
Apache Tomcat 6.0.19
Apache Geronimo 2.1.7
Apache Geronimo 2.1.6
Apache Geronimo 2.1.5
Apache Geronimo 2.1.4
Apache Geronimo 2.1.3
Apache Geronimo 2.1.2
Apache Geronimo 2.1.1
Apache Geronimo 2.0.2
Apache Geronimo 2.0.1
Apache Geronimo 1.1.1
Apache Geronimo 1.1
Apache Geronimo 1.0.1
Apache Geronimo 1.0
Apache Geronimo 2.1
Apache Geronimo 2.0
Apache Geronimo 1.2
Apache Geronimo 1.1
Apache Geronimo 1.0
Not Vulnerable: Redhat JBoss Enterprise Web Server for Windows 1.0.2
Redhat JBoss Enterprise Web Server for Solaris 1.0.2
Redhat JBoss Enterprise Web Server for RHEL 6 1.0.2
Redhat JBoss Enterprise Web Server for RHEL 5 Server 1.0.2
Redhat JBoss Enterprise Web Server for RHEL 4 ES 1.0.2
Redhat JBoss Enterprise Web Server for RHEL 4 AS 1.0.2
HP XP P9000 Performance Advisor 5.5.1
HP HP-UX Web Server Suite 3.14
HP HP-UX Web Server Suite 2.33
CTERA Networks CTERA Portal 3.2.28
CTERA Networks CTERA Portal 3.1.39
Blue Coat Systems Intelligence Center 3.2.2.1
Apache Tomcat 7.0.4
Apache Tomcat 5.5.30
Apache Tomcat 6.0.30
Apache Geronimo 2.1.8


 

Privacy Statement
Copyright 2010, SecurityFocus