CVE ID : CVE-2019-10079

While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
Solution : Users of the affected versions should apply one of the following mitigations:

– Upgrade to Apache Tomcat 9.0.0.M18 or later
– Upgrade to Apache Tomcat 8.5.12 or later
– Upgrade to Apache Tomcat 8.0.42 or later
– Upgrade to Apache Tomcat 7.0.76 or later