Apache Tomcat contextAdmin Arbitrary File Access

2000-07-21T00:00:00
ID OSVDB:376
Type osvdb
Reporter Scott Morris (smorris@gridnet.com)
Modified 2000-07-21T00:00:00

Description

Vulnerability Description

Tomcat contains a flaw that may allow a remote attacker to read arbitrary files. The problem is that the default installation of the application does not restrict access to the /admin context. It is possible for a remote attacker to add a context for the root directory by directly calling the administrative servlets and view arbitrary files on the system, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Restrict access to /admin or remove this context, and do not run Tomcat as root.
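An added example (not part of the OSVDB record and not Tomcat's own code) that audits a Tomcat 3.x-style server.xml for the two conditions this record is about: an admin context that is still mounted, and any context whose document base is the filesystem root. It assumes the Tomcat 3.x layout in which each web application is a Context element with path and docBase attributes; the sample configuration is constructed for the example. The second function applies the "remove this context" workaround to the parsed file.

```python
"""Audit a Tomcat 3.x-style server.xml for an exposed admin context.

Added example; assumes the Tomcat 3.x server.xml layout where each web
application is a <Context path=... docBase=...> element. The sample
configuration below is constructed, not taken from a real installation.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a default-style file with the admin context present
# and an extra context that maps the filesystem root (the condition the
# record describes as the result of an attacker adding a context).
SAMPLE_SERVER_XML = """<Server>
  <ContextManager debug="0" workDir="work">
    <Context path="/examples" docBase="webapps/examples" debug="0" reloadable="true" />
    <Context path="/admin" docBase="webapps/admin" crossContext="true" debug="0" reloadable="true" />
    <Context path="/fs" docBase="/" debug="0" />
  </ContextManager>
</Server>
"""

ADMIN_PATH = "/admin"  # the context the record says should be restricted or removed


def audit_contexts(server_xml):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    root = ET.fromstring(server_xml)
    findings = []
    for ctx in root.iter("Context"):
        path = ctx.get("path", "")
        doc_base = ctx.get("docBase", "")
        if path.rstrip("/") == ADMIN_PATH:
            findings.append(
                f"admin context mounted at {path} (docBase={doc_base}); restrict or remove it"
            )
        # A docBase of "/" (or "\\" on Windows) exposes the whole filesystem.
        if doc_base and doc_base.rstrip("/\\") == "":
            findings.append(
                f"context {path or '/'} serves the filesystem root (docBase={doc_base!r})"
            )
    return findings


def remove_admin_context(server_xml):
    """Return a copy of server.xml with every /admin Context element removed."""
    root = ET.fromstring(server_xml)
    # Snapshot the parents first so removing children does not disturb iteration.
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == "Context" and child.get("path", "").rstrip("/") == ADMIN_PATH:
                parent.remove(child)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for finding in audit_contexts(SAMPLE_SERVER_XML):
        print("FINDING:", finding)
    hardened = remove_admin_context(SAMPLE_SERVER_XML)
    print("after removing /admin:", audit_contexts(hardened))
```

On the constructed sample the audit reports both the mounted admin context and the root-mapped context; after the removal step only the root-mapped context remains, which is the finding an administrator would then clean up by hand. The "do not run Tomcat as root" part of the workaround is a process-level setting and is not something a configuration file audit can see.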

Short Description

Tomcat contains a flaw that may allow a remote attacker to read arbitrary files. The problem is that the default installation of the application does not restrict access to the /admin context. It is possible for a remote attacker to add a context for the root directory by directly calling the administrative servlets and view arbitrary files on the system, resulting in a loss of confidentiality.

References:

Vendor URL: http://jakarta.apache.org/tomcat/
Snort Signature ID: 1111
Nessus Plugin ID: 10477
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html
ISS X-Force ID: 5160
CVE: CVE-2000-0672
Bugtraq ID: 1548