Affecting org.apache.tomcat:catalina artifact, versions [6,6.0.45]
org.apache.tomcat:catalina provides the Servlet Engine core classes and standard implementations.
Affected versions of this package are vulnerable to Timing Attack. The setGlobalContext method in ResourceLinkFactory.java does not consider whether callers to this method are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
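
The missing caller check described above, shown as an added illustration beside a guarded form; this is not Tomcat's source or patch. The class names, the permission name and the deny-only policy are hypothetical, and the demo assumes a JDK on which a SecurityManager can still be installed at run time (Java 8 to 17).

```java
import java.security.Permission;
// Added illustration; class and permission names are hypothetical, not Tomcat source.
public class GlobalContextGuardDemo {
    // Stand-in for the container-wide naming context.
    static final class GlobalContext {
        final String owner;
        GlobalContext(String owner) { this.owner = owner; }
    }

    // Before: any code in the JVM, including a web application, can swap the context.
    static final class UnguardedLinkFactory {
        static GlobalContext globalContext;
        static void setGlobalContext(GlobalContext ctx) { globalContext = ctx; }
    }

    // After: with a SecurityManager active, the caller must hold a dedicated permission.
    static final class GuardedLinkFactory {
        static final String PERM = "demo.GuardedLinkFactory.setGlobalContext"; // hypothetical
        static GlobalContext globalContext;
        static void setGlobalContext(GlobalContext ctx) {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                sm.checkPermission(new RuntimePermission(PERM));
            }
            globalContext = ctx;
        }
    }

    public static void main(String[] args) {
        // Trusted start-up code sets both contexts before the policy is enforced.
        UnguardedLinkFactory.setGlobalContext(new GlobalContext("container"));
        GuardedLinkFactory.setGlobalContext(new GlobalContext("container"));
        // Constructed policy: deny only the setter permission, allow everything else.
        System.setSecurityManager(new SecurityManager() {
            @Override public void checkPermission(Permission p) {
                if (GuardedLinkFactory.PERM.equals(p.getName())) {
                    throw new SecurityException("denied " + p.getName());
                }
            }
        });

        // The same call made after the policy is active, as sandboxed application code would.
        UnguardedLinkFactory.setGlobalContext(new GlobalContext("webapp"));
        try { GuardedLinkFactory.setGlobalContext(new GlobalContext("webapp")); }
        catch (SecurityException e) { System.out.println("guarded setter: " + e.getMessage()); }
        System.out.println("unguarded owner: " + UnguardedLinkFactory.globalContext.owner);
        System.out.println("guarded owner:   " + GuardedLinkFactory.globalContext.owner);
    }
}
```

In a real deployment the permission would be granted in the policy file only to the container's own code base, so application code running under the SecurityManager fails the check.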