tomcat-traverse.txt

13 Aug 2008, reported by Simon Ryeo. Source: packetstorm (packetstormsecurity.com)

Apache Tomcat Directory Traversal Vulnerability, JAVA side issue, Remote File Disclosure, fix in 6.0.1

Title: Apache Tomcat Directory Traversal Vulnerability
Author: Simon Ryeo (bar4mi (at) gmail.com, barami (at) ahnlab.com)
Severity: High
Impact: Remote File Disclosure
Vulnerable Version: prior to 6.0.18
Solution:
- Best choice: Upgrade to 6.0.18 (http://tomcat.apache.org)
- Hot fix: Disable allowLinking, or do not set URIEncoding to UTF-8, in order to avoid this vulnerability.
- Tomcat 5.5.x and 4.1.x users: The fix will be included in the next releases. Please apply the hot fix until the next release.
References:
- http://tomcat.apache.org/security.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
History:
- 07.17.2008: Initial notification (to the Apache Security Team)
- 08.02.2008: Response that this problem was fixed and a new version released
- 08.05.2008: Disclosure notification (to the Apache Tomcat Security Team)
- 08.10.2008: Response with some suggestions

Description
According to the Apache Security Team, this problem occurs on the Java side. If your context.xml or server.xml enables 'allowLinking' and sets 'URIEncoding' to 'UTF-8', an attacker can obtain important system files (e.g. /etc/passwd).

Exploit
If your web root directory is three levels deep (e.g. /usr/local/wwwroot), an attacker can access arbitrary files as below (proof of concept):

http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar
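Each %c0%ae in the proof of concept above is an overlong UTF-8 encoding of '.', which a strict decoder rejects but a lenient one maps to '.' before the traversal check runs. The following is an added example (not from the advisory or from Tomcat) showing the hardened decoding order, strict UTF-8 first and then a root-escape check, applied to constructed access-log lines so the pattern can be flagged in detection; the log format, addresses and paths are sample values.

```python
import re
from urllib.parse import unquote_to_bytes

def _escapes_root(path: str) -> bool:
    """True if the '..' segments in a decoded path climb above the web root."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False

def classify_request_path(raw_path: str) -> str:
    """Classify a percent-encoded request path as a hardened decoder should:
    'malformed' (not strict UTF-8, e.g. the overlong %c0%ae spelling of '.'),
    'traversal' ('..' escapes the web root) or 'ok'.
    """
    raw = unquote_to_bytes(raw_path)
    try:
        # Python's UTF-8 codec rejects overlong forms and 0xC0/0xC1 lead bytes,
        # which is the strictness the vulnerable Java-side decoder lacked.
        decoded = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "malformed"
    return "traversal" if _escapes_root(decoded) else "ok"

# Constructed sample access-log lines (not real traffic) in Common Log Format.
LOG_LINES = [
    '10.0.0.5 - - [13/Aug/2008:10:01:02 +0000] "GET /docs/index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [13/Aug/2008:10:01:07 +0000] "GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd HTTP/1.1" 200 1430',
    '10.0.0.9 - - [13/Aug/2008:10:01:09 +0000] "GET /../../../etc/passwd HTTP/1.1" 400 0',
    '10.0.0.7 - - [13/Aug/2008:10:01:11 +0000] "GET /caf%c3%a9/menu.html HTTP/1.1" 200 88',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def scan_access_log(lines):
    """Group every request path found in the log lines by its verdict, for alerting."""
    findings = {"malformed": [], "traversal": [], "ok": []}
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            path = match.group(1)
            findings[classify_request_path(path)].append(path)
    return findings
```

Any request that lands in 'malformed' or 'traversal' is worth alerting on, since a correctly configured server should never see a valid client send either.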
