Apache : Security Vulnerabilities, CVEs, Published In 2011 (Directory traversal)
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
Max CVSS
9.3
EPSS Score
0.58%
Published
2011-01-28
Updated
2022-02-07
soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Max CVSS
6.9
EPSS Score
0.04%
Published
2011-01-28
Updated
2022-02-07
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Max CVSS
1.2
EPSS Score
0.24%
Published
2011-02-10
Updated
2023-02-13
3 vulnerabilities found