234441 – www-servers/tomcat <6.0.18: Directory Traversal

Bug 234441 - www-servers/tomcat <6.0.18: Directory Traversal

Summary: www-servers/tomcat <6.0.18: Directory Traversal

Status:	RESOLVED DUPLICATE of bug 225477

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-08-11 04:48 UTC by Emanuele Gentili
Modified:	2008-08-13 22:23 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Emanuele Gentili 2008-08-11 04:48:36 UTC

Severity: High
Impact: Remote File Disclosure
Vulnerable Version: prior to 6.0.18

As Apache Security Team, this problem occurs because of JAVA side.
If your context.xml or server.xml allows 'allowLinking'and 'URIencoding' as
'UTF-8', an attacker can obtain your important system files.(e.g.  /etc/passwd)


Reproducible: Always

Steps to Reproduce:
Exploit
If your webroot directory has three depth(e.g /usr/local/wwwroot), An
attacker can access arbitrary files as below. (Proof-of-concept)

http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar

Comment 1 William L. Thomson Jr. (RETIRED) gentoo-dev

2008-08-13 22:23:28 UTC


*** This bug has been marked as a duplicate of bug 225477 ***