VID: 22158
Severity: 40
Port: 8080
Protocol: TCP
Class: Servlet
Detailed Description: The Apache Tomcat server has a directory traversal vulnerability via unicode characters.
Jakarta Tomcat is a Java application server used with Apache HTTP servers to support JavaServer Pages (JSP) and Java servlets. Tomcat version 3.2.1 and earlier could allow a remote attacker to traverse directories on the Web server. A remote attacker can send a URL request containing "dot dot" sequences written as encoded (unicode) characters (/%2e%2e/) to traverse directories and view files outside of the Web root.
Issuing the following URL from a web browser causes the Tomcat server to list the contents of a directory outside the document root:

http://www.example.com:8080/%2e%2e/%2e%2e/%2e%2e/%00.jsp
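As an added defensive example (not part of this record and not Tomcat code), the following Python script shows how the encoded "dot dot" requests described above can be picked out of web-server access logs: each request target is percent-decoded repeatedly (so double-encoded %252e is caught as well), backslashes are folded to slashes, and the result is flagged if it contains a ".." path segment or an embedded NUL such as the %00 in the URL above. The log lines are constructed for the example.

```python
"""Flag percent-encoded directory-traversal requests in access-log lines.
Added example for this advisory; the log lines below are constructed, not real traffic."""
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format (not real data).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Apr/2001:10:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 512
10.0.0.9 - - [01/Apr/2001:10:00:01 +0000] "GET /%2e%2e/%2e%2e/%2e%2e/%00.jsp HTTP/1.0" 200 2048
10.0.0.9 - - [01/Apr/2001:10:00:02 +0000] "GET /%252e%252e/WEB-INF/web.xml HTTP/1.0" 404 0
10.0.0.7 - - [01/Apr/2001:10:00:03 +0000] "GET /docs/..%2fWEB-INF/web.xml HTTP/1.0" 200 10
10.0.0.8 - - [01/Apr/2001:10:00:04 +0000] "GET /images/logo.gif HTTP/1.0" 200 300
"""

# Pulls method and request target out of the quoted request part of a CLF line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')


def canonicalize(target: str, max_rounds: int = 3) -> str:
    """Percent-decode the path repeatedly (catches %25 double-encoding) and
    fold backslashes to slashes; stops as soon as a decode round changes nothing."""
    path = target.split("?", 1)[0]          # ignore the query string
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def traversal_indicators(target: str) -> list[str]:
    """Return the reasons (possibly none) a request target looks like traversal."""
    reasons = []
    raw_path = target.split("?", 1)[0]
    path = canonicalize(target)
    if "\x00" in path:
        reasons.append("embedded NUL")
    if any(seg == ".." for seg in path.split("/")):
        reasons.append("dot-dot segment")
    # A '..' that only appears after decoding was hidden behind encoding.
    if path != raw_path and ".." in path:
        reasons.append("traversal hidden by encoding")
    return reasons


def scan_log(text: str) -> list[tuple[str, list[str]]]:
    """Return (raw target, reasons) for every log line that looks like traversal."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons = traversal_indicators(m.group("target"))
        if reasons:
            hits.append((m.group("target"), reasons))
    return hits


if __name__ == "__main__":
    for target, reasons in scan_log(SAMPLE_LOG):
        print(f"{target}: {', '.join(reasons)}")
```

Running the script reports three of the five constructed lines: the %2e-encoded request with the NUL byte, the double-encoded %252e request, and the request whose "..%2f" only becomes a traversal after decoding. The plain `/docs/../x` form is also reported, but without the "hidden by encoding" reason, which is the cue that a server should have rejected it before reaching the filesystem.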

* Platforms Affected:
Apache Tomcat Any version
Windows Platforms
UNIX/Linux Platforms

* References:
http://online.securityfocus.com/bid/2518
http://www.iss.net/security_center/static/6305.php
http://www.securiteam.com/windowsntfocus/5YP040U40M.html
Recommendation: Upgrade to the latest version of Jakarta Tomcat (3.2.2b2 or later), available from the Jakarta Web site, http://jakarta.apache.org/site/binindex.html

As a workaround, in server.xml, add an "inet" parameter to the connector definition:

<Connector className="...">
    <Parameter name="handler" value="..."/>
    <!-- bind the connector to the loopback address only -->
    <Parameter name="inet" value="localhost"/>
    <Parameter name="port" value="8007"/>
</Connector>