
12 matches found

Veracode
added 2018/11/14 1:04 a.m. | 18 views

Information Disclosure

Apache Tomcat HTTP/1.1 connector is vulnerable to information disclosure. A lack of validation in the URL allows remote attackers to inject NULL bytes and retrieve confidential information through reading of JSP source files when allowLinking is configured...

CVSS 7.8 | AI score 7.1 | EPSS 0.00953
Exploits: 0 | References: 7 | Affected Software: 3
Veracode
added 2018/11/09 1:31 a.m. | 37 views

Directory Traversal

tomcat-coyote is vulnerable to directory traversal attacks. The vulnerability exists because the JVM does not correctly decode UTF-8 encoded URLs, which, when a context is configured with allowLinking="true", allows directory traversal attacks...

CVSS 4.3 | AI score 6 | EPSS 0.92704
Exploits: 22 | References: 48 | Affected Software: 5
Metasploit
added 2010/08/24 6:22 p.m. | 106 views

Tomcat UTF-8 Directory Traversal Vulnerability

This module tests whether a directory traversal vulnerability is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 - 6.0.16 under specific and non-default installations. The connector must have allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the...

CVSS 4.3 | AI score 6.9 | EPSS 0.92704
Exploits: 22
OpenVAS
added 2009/04/09 12:00 a.m. | 44 views

Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)

Check for the Version of tomcat5. OpenVAS Vulnerability Test: Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...

CVSS 6.4 | AI score 7.8 | EPSS 0.92704
Exploits: 28 | References: 2
OpenVAS
added 2009/04/09 12:00 a.m. | 42 views

Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)

Check for the Version of tomcat5. OpenVAS Vulnerability Test: Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...

CVSS 6.4 | AI score 7.8 | EPSS 0.92704
Exploits: 28 | References: 2
Packet Storm
added 2008/08/13 12:00 a.m. | 55 views

tomcat-traverse.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeo (bar4mi at gmail.com, barami at ahnlab.com) Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18...

CVSS 4.3 | AI score 7.6 | EPSS 0.92704
Exploits: 22
seebug.org
added 2008/08/12 12:00 a.m. | 75 views

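Apache Tomcat UTF-8 Directory Traversal Vulnerability

BUGTRAQ ID:30633 CVE ID:CVE-2008-2938 CNCVE ID:CNCVE-20082938 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat does not correctly filter user-submitted input, so remote attackers can exploit the vulnerability to view arbitrary local files in the context of the web service program. The vulnerability arises from a problem in how Java handles input: if context.xml or server.xml enables 'allowLinking' and sets 'URIencoding' to 'UTF-8', an attacker can obtain the contents of important system files with the privileges of the web server. Apache Software Foundation Tomca...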

CVSS 4.3 | AI score 7.6 | EPSS 0.92704
Exploits: 22
exploitpack
added 2008/08/11 12:00 a.m. | 55 views

Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)

Apache Tomcat 6.0.18 - utf8 Directory Traversal PoC Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeo (bar4mi at gmail.com, barami at ahnlab.com) Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18...

CVSS 4.3 | AI score 7.6 | EPSS 0.92704
Exploits: 22
Exploit DB
added 2008/08/11 12:00 a.m. | 150 views

Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)

Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeo (bar4mi at gmail.com, barami at ahnlab.com) Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18 http://tomcat.apache.org - Hot fix: Disable allowLinking ...

CVSS 4.3 | AI score 7.6 | EPSS 0.92704
Exploits: 22
seebug.org
added 2008/03/29 12:00 a.m. | 44 views

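Apache Tomcat 'allowLinking' NULL Byte in URI Information Disclosure Vulnerability

Tomcat is a Servlet container developed by the Jakarta project under the Apache Software Foundation. When 'allowLinking' is configured, the Apache Tomcat HTTP/1.0 connector does not correctly handle NULL bytes in the URI, and remote attackers can exploit the vulnerability to obtain sensitive information from JSP source code. No detailed vulnerability information is currently available. Apache Software Foundation Tomcat 4.1.37 Apache Software Foundation Tomcat 4.1.36 Apache Software Foundation Tomcat 4.1.36 Apache Software...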

AI score 7
Exploits: 0
CVE
added 2007/05/09 10:00 p.m. | 86 views

CVE-2005-4836

CVE-2005-4836 affects Apache Tomcat 4.1.15–4.1.40. The HTTP/1.1 connector may fail to reject NULL bytes in a URL when allowLinking is enabled, enabling a remote attacker to read JSP source files and obtain sensitive information. Multiple connected sources corroborate the same description and clas...

CVSS 7.8 | AI score 6.3 | EPSS 0.00953
Exploits: 0 | References: 5 | Affected Software: 1
UbuntuCve
added 2005/12/31 5:00 a.m. | 22 views

CVE-2005-4836

The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...

CVSS 7.8 | AI score 5.9 | EPSS 0.00953
Exploits: 0 | References: 1