| VID | 21289 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The Apache Tomcat server distributed with Netware 6.0 has a directory traversal vulnerability. Apache Tomcat is a Java application server used with Apache HTTP Server to support JavaServer Pages (JSP) and Java servlets. The '/examples/jsp/source.jsp' sample script in the Apache Tomcat server distributed with Netware 6.0 could allow a remote attacker to view the contents of arbitrary files on the Web server. The 'source.jsp' script prevents directory traversal via '/../' sequences. However, an attacker attempting directory traversal via '/%2e%2e/' sequences with Unicode characters will succeed. This may allow an attacker to request any file on the vulnerable system that is readable by the Web server. To exploit this vulnerability, a remote attacker sends a "source.jsp" request containing "dot dot" sequences (/%2e%2e/) for a known file. This could allow the attacker to obtain sensitive information from the Netware server, such as the RCONSOLE password located in AUTOEXEC.NCF. Example request: http://[targetserver]/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf Platforms Affected: Apache Software Foundation Tomcat Any version, Netware 6.0 |
| Recommendation | Remove the default sample files located in the "/examples/" virtual directory from the affected Web server. Also, ensure the RCONSOLE password is encrypted and use a password-protected screensaver for console access. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
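The description above turns on a filter that looks for the literal '/../' text while the request carries the dots percent-encoded. As an added example (not part of the original entry or of any vendor tooling), the following log check decodes each request before looking for dot-dot segments aimed at the sample script; the log lines are constructed, a combined-log-style format is assumed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (sample data, not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /examples/jsp/source.jsp?/jsp/hello.jsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2003:10:00:05 +0000] "GET /examples/jsp/source.jsp?../../system/autoexec.ncf HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2003:10:00:09 +0000] "GET /examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf HTTP/1.0" 200 2048',
    '192.0.2.13 - - [01/Jan/2003:10:00:12 +0000] "GET /index.html HTTP/1.0" 200 100',
]

# Assumed log layout: client address first, request line in double quotes.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
SAMPLE_SCRIPT = "/examples/jsp/source.jsp"

def canonical(uri, max_rounds=3):
    """Percent-decode until the value stops changing (bounded), then unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/")

def has_dotdot_segment(uri):
    """True if any path or query segment is exactly '..' after decoding."""
    return ".." in re.split(r"[/?&=]", canonical(uri))

def scan(lines):
    """Return (client, raw_uri, evades_literal_check) for traversal requests to the sample script."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, raw_uri = m.groups()
        if SAMPLE_SCRIPT in canonical(raw_uri).lower() and has_dotdot_segment(raw_uri):
            # A filter matching only the literal text never sees the encoded form,
            # so record whether the raw request would have slipped past it.
            findings.append((client, raw_uri, ".." not in raw_uri))
    return findings

if __name__ == "__main__":
    for client, uri, evades in scan(SAMPLE_LOG):
        print(f"{client} {uri} evades_literal_check={evades}")
```

Hits where the third field is true are the ones a literal-string filter misses, which is the case this entry describes.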