| Field | Value |
|---|---|
| VID | 22091 |
| Severity | 20 |
| Port | 80, ... |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The Tomcat servlet server will reveal the physical path of the webroot when asked for a .jsp file using a specially crafted request. An attacker may use this flaw to gain further knowledge about the remote filesystem layout. On submitting an unusually long request (more than 222 bytes) or a specially crafted request, such as the following, you can get the web server's install path: ``$ lynx http://localhost:8080/`perl -e 'print "A" x 223'`.jsp``, `$ lynx http://localhost:8080/:/x.jsp`, `$ lynx http://localhost:8080/~../x.jsp`. References: http://www.securityfocus.com/bid/3199, http://www.iss.net/security_center/static/6997.php |
| Recommendation | No remedy available as of November 2001. As a workaround, users can create custom error pages using the `<error-page>` directive in web.xml. |
| Related URL (CVE) | |
| Related URL (SecurityFocus) | |
| Related URL (ISS) | |
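The workaround named in the Recommendation, shown as an added example (not part of the original advisory): a web.xml fragment that replaces the container's built-in error responses, where the path is disclosed, with a static page. It assumes a file named /error.html exists in the web application root; element order must follow the web.xml DTD of the servlet version in use (error-page entries come after welcome-file-list).

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- Added example, not from the advisory. Assumes /error.html exists in the webapp. -->
<web-app>

  <!-- A request for a .jsp that does not resolve yields a 404; serve a fixed page
       instead of the container default so no server-side path is echoed back. -->
  <error-page>
    <error-code>404</error-code>
    <location>/error.html</location>
  </error-page>

  <!-- Malformed or overlong .jsp names can fail inside the JSP engine with a 500;
       map that status to the same neutral page. -->
  <error-page>
    <error-code>500</error-code>
    <location>/error.html</location>
  </error-page>

  <!-- Catch-all: any uncaught exception from a servlet or JSP also lands on the
       static page rather than a stack trace or default error report. -->
  <error-page>
    <exception-type>java.lang.Throwable</exception-type>
    <location>/error.html</location>
  </error-page>

</web-app>
```

Verify the change by requesting a non-existent .jsp and confirming the response body is the static page and contains no filesystem path.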