Nessus plugin 4621.pasl (Tenable)
History: Aug 12, 2008 - 12:00 a.m.

Apache Tomcat 4.1.x < 4.1.38 / 5.5.x < 5.5.27 / 6.0.x < 6.0.18 Linking UTF-8 Traversal Arbitrary File Access

2008-08-12 00:00:00
Tenable
www.tenable.com

The version of Apache Tomcat running on the remote host is affected by a directory traversal vulnerability caused by the UTF-8 charset implementation in the underlying JVM. An unauthenticated, remote attacker can exploit this by encoding directory traversal sequences as UTF-8 in a request to view arbitrary files on the remote host.

Note that successful exploitation requires that a context be configured with ‘allowLinking’ set to ‘true’ and the connector with ‘URIEncoding’ set to ‘UTF-8’, neither of which is a default setting.
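The two preconditions above, together with the affected version ranges in the title, can be checked from a host's own configuration rather than by sending traversal requests. The following is an added example (not part of the Tenable plugin) that parses constructed server.xml and context.xml fragments; the element and attribute names are the standard Tomcat ones (Connector/URIEncoding, Context/allowLinking), the sample values are made up.

```python
import xml.etree.ElementTree as ET

# Fixed versions per branch, taken from the advisory title: 4.1.38, 5.5.27, 6.0.18
FIXED_VERSIONS = {(4, 1): (4, 1, 38), (5, 5): (5, 5, 27), (6, 0): (6, 0, 18)}

def version_affected(version: str) -> bool:
    """True if a plain numeric version such as '6.0.16' is in an affected branch and below its fix."""
    parts = tuple(int(p) for p in version.strip().split(".")[:3])
    fixed = FIXED_VERSIONS.get(parts[:2])
    return fixed is not None and parts < fixed

def utf8_connector_ports(server_xml: str) -> list:
    """Ports of <Connector> elements whose URIEncoding is UTF-8 (second precondition)."""
    root = ET.fromstring(server_xml)
    return [c.get("port", "?") for c in root.iter("Connector")
            if c.get("URIEncoding", "").upper() == "UTF-8"]

def linking_enabled(context_xml: str) -> bool:
    """True if any <Context> element (the root included) sets allowLinking="true" (first precondition)."""
    root = ET.fromstring(context_xml)
    return any(e.get("allowLinking", "false").lower() == "true" for e in root.iter("Context"))

def assess(version: str, server_xml: str, context_xml: str) -> dict:
    """Combine the three conditions; 'exposed' is True only when all of them hold."""
    ports = utf8_connector_ports(server_xml)
    linking = linking_enabled(context_xml)
    affected = version_affected(version)
    return {"version_affected": affected, "utf8_ports": ports,
            "allow_linking": linking, "exposed": affected and linking and bool(ports)}

# Constructed sample configuration, not taken from any real host
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>"""
SAMPLE_CONTEXT_XML = '<Context allowLinking="true"/>'

if __name__ == "__main__":
    # Expected: exposed=True, because 6.0.16 < 6.0.18, port 8080 uses UTF-8 and linking is on
    print(assess("6.0.16", SAMPLE_SERVER_XML, SAMPLE_CONTEXT_XML))
```

Clearing either precondition (allowLinking back to its default of false, or a connector without URIEncoding="UTF-8") makes `exposed` False even on an unpatched version, which mirrors the note above.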

Vendor   Product   Version   CPE
apache   tomcat              cpe:/a:apache:tomcat