Apache Tomcat versions 4.1.0 through 4.1.37 and 5.5.0 through 5.5.26 suffer from a directory traversal vulnerability.
784cbced69953a4b6c5cd8a8fbd15a313f674bac5a000ed841e40acb7d3d8787Vulnerability description:
An input validation error can be exploited to download arbitrary files via directory traversal attacks.
Successful exploitation requires that a context is configured with allowLinking="true" and that the connector is configured with URIEncoding="UTF-8".
Affected versions 4.1.0 to 4.1.37, 5.5.0 to 5.5.26.
Affected items
test : http://127.0.0.1:7021/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
The impact of this vulnerability
The remote atacker can download arbitrary files via directory traversal attacks.
How to fix this vulnerability
The problem was fixed in the SVN.
Web references
Apache Tomcat 5.x vulnerabilities :=> http://tomcat.apache.org/security-5.html
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed