Vulners
Lucene search
Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
| Reporter | Title | Published | Views | Family All 115 |
|---|---|---|---|---|
 | Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability | 11 Aug 200800:00 | – | zdt |
| ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities | 7 Nov 200900:00 | – | zdt |
 | Apache Tomcat 4.1.x < 4.1.38 / 5.5.x < 5.5.27 / 6.0.x < 6.0.18 Linking UTF-8 Traversal Arbitrary File Access | 12 Aug 200800:00 | – | nessus |
| CentOS 5 : tomcat5 (CESA-2008:0648) | 6 Jan 201000:00 | – | nessus |
| Fedora 9 : tomcat6-6.0.18-1.1.fc9 (2008-7977) | 12 Sep 200800:00 | – | nessus |
| Fedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113) | 17 Sep 200800:00 | – | nessus |
| Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130) | 17 Sep 200800:00 | – | nessus |
| Mac OS X Multiple Vulnerabilities (Security Update 2008-007) | 10 Oct 200800:00 | – | nessus |
| Mandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188) | 23 Apr 200900:00 | – | nessus |
| MiracleLinux 3 : tomcat5-5.5.23-0jpp.7.1.1AXS3 (AXSA:2008-90:02) | 14 Jan 202600:00 | – | nessus |
10
Title: Apache Tomcat Directory Traversal Vulnerability
Author: Simon Ryeo(bar4mi (at) gmail.com, barami (at) ahnlab.com)
Severity: High
Impact: Remote File Disclosure
Vulnerable Version: prior to 6.0.18
Solution:
- Best Choice: Upgrade to 6.0.18 (http://tomcat.apache.org)
- Hot fix: Disable allowLinking or do not set URIencoding to utf8 in order to avoid this vulnerability.
- Tomcat 5.5.x and 4.1.x Users: The fix will be included in the next releases. Please apply the hot fix until next release.
References:
- http://tomcat.apache.org/security.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
History:
- 07.17.2008: Initiate notify (To Apache Security Team)
- 08.02.2008: Responsed this problem fixed and released new version
- 08.05.2008: Notify disclosure (To Apache Tomcat Security Team)
- 08.10.2008: Responsed with some suggestions.
Description
As Apache Security Team, this problem occurs because of JAVA side.
If your context.xml or server.xml allows 'allowLinking'and 'URIencoding' as
'UTF-8', an attacker can obtain your important system files.(e.g. /etc/passwd)
Exploit
If your webroot directory has three depth(e.g /usr/local/wwwroot), An
attacker can access arbitrary files as below. (Proof-of-concept)
http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Aug 2008 00:00Current
7.6High risk
Vulners AI Score7.6
EPSS0.92704