A security vulnerability was found in Tomcat 10, a Java-based web server and servlet engine. A malicious user was able to view security-sensitive files and/or inject content into those files when writes were enabled for the default servlet (disabled by default) and support for partial PUT was enabled (default). Under certain circumstances, depending on the application in use, remote code execution may have been possible.
https://security-tracker.debian.org/tracker/DSA-5893-1

