Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apache :: bx4057.htm

Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability



Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability



Title: Apache Tomcat Directory Traversal Vulnerability=0D
Author: Simon Ryeo(bar4mi (at) gmail.com, barami (at) ahnlab.com)=0D
Severity: High=0D
Impact: Remote File Disclosure=0D
Vulnerable Version: prior to 6.0.18=0D
Solution:=0D
- Best Choice: Upgrade to 6.0.18 (http://tomcat.apache.org)=0D 
 - Hot fix: Disable allowLinking or do not set URIencoding to utf8 in order to avoid this vulnerability.=0D
 - Tomcat 5.5.x and 4.1.x Users: The fix will be included in the next releases. Please apply the hot fix until next release.=0D
References:=0D
- http://tomcat.apache.org/security.html=0D 
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938=0D 
History:=0D
 - 07.17.2008: Initiate notify (To Apache Security Team)=0D
 - 08.02.2008: Responsed this problem fixed and released new version=0D
 - 08.05.2008: Notify disclosure (To Apache Tomcat Security Team)=0D
 - 08.10.2008: Responsed with some suggestions.=0D
=0D
Description=0D
As Apache Security Team, this problem occurs because of JAVA side.=0D
If your context.xml or server.xml allows 'allowLinking'and 'URIencoding' as=0D
'UTF-8', an attacker can obtain your important system files.(e.g.  /etc/passwd)=0D
=0D
Exploit=0D
If your webroot directory has three depth(e.g /usr/local/wwwroot), An=0D
attacker can access arbitrary files as below. (Proof-of-concept)=0D
=0D
http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH