Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF).
The vulnerability exists when running untrusted applications under a SecurityManager where the appropriate facade object is not used. A remote attacker could exploit this vulnerability via another web application that retains a reference to the request or response object and thereby access and/or modify information associated
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M17
Apache Tomcat 8.5.0 to 8.5.11
Apache Tomcat 8.0.0.RC1 to 8.0.41
Apache Tomcat 7.0.0 to 7.0.75
Impact
Successful exploitation allows remote attackers to obtain sensitive information that may aid in further attacks.
Solution
Customers are advised to upgrade to Apache Tomcat versions 9.0.0.M18, 8.5.12, 8.0.42, 7.0.76 or later to remediate this vulnerability.
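The affected ranges and fixed versions listed above, turned into a version check for inventory data (an added example, not part of the original advisory). It assumes version strings in the `Apache Tomcat/x.y.z` form printed by Tomcat's `version.sh`; the sample lines are constructed.

```python
import re

# Qualifier ordering: milestone (M) < release candidate (RC) < final release.
_QUAL_RANK = {"M": 0, "RC": 1, None: 2}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-](M|RC)(\d+))?$")

# (first affected, last affected, first fixed), copied from the advisory text.
AFFECTED = [
    ("9.0.0.M1", "9.0.0.M17", "9.0.0.M18"),
    ("8.5.0", "8.5.11", "8.5.12"),
    ("8.0.0.RC1", "8.0.41", "8.0.42"),
    ("7.0.0", "7.0.75", "7.0.76"),
]

def parse_version(text):
    """Turn '8.0.0.RC1' or '9.0.0-M17' into a sortable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, qual, qual_n = m.groups()
    return (int(major), int(minor), int(patch), _QUAL_RANK[qual], int(qual_n or 0))

def check(version):
    """Return (listed_as_affected, first_fixed_version_or_None)."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED:
        if parse_version(first) <= v <= parse_version(last):
            return True, fixed
    return False, None  # not in a listed range; says nothing about other issues

def version_from_banner(line):
    """Extract the version from a 'Server version: Apache Tomcat/8.5.11' line."""
    m = re.search(r"Apache Tomcat/(\S+)", line)
    return m.group(1) if m else None

if __name__ == "__main__":
    # Constructed sample inventory lines, not real hosts.
    sample = [
        "app01  Server version: Apache Tomcat/8.5.11",
        "app02  Server version: Apache Tomcat/9.0.0.M18",
        "app03  Server version: Apache Tomcat/8.0.0-RC5",
    ]
    for line in sample:
        ver = version_from_banner(line)
        affected, fixed = check(ver)
        status = f"AFFECTED, upgrade to {fixed} or later" if affected else "not in listed ranges"
        print(f"{line.split()[0]}: {ver}: {status}")
```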
Patch:
Following are links for downloading patches to fix the vulnerabilities: