Apache Tomcat 4.1.x < 4.1.38 / 5.5.x < 5.5.27 / 6.0.x < 6.0.18 Linking UTF-8 Traversal Arbitrary File Access

medium Nessus Network Monitor Plugin ID 4621

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

The version of Apache Tomcat running on the remote host is affected by a directory traversal vulnerability due to an issue with the UTF-8 charset implementation within the underlying JVM. An unauthenticated, remote attacker can exploit this, by encoding directory traversal sequences as UTF-8 in a request, to view arbitrary files on the remote host.

Note that successful exploitation requires that a context be configured with 'allowLinking' set to 'true' and the connector with 'URIEncoding' set to 'UTF-8', neither of which is a default setting.
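A configuration check for the two preconditions named above, as an added example (not part of the original plugin page and not Tenable's plugin logic): it parses the text of Tomcat server.xml / context.xml files and reports connectors with 'URIEncoding' set to UTF-8 and contexts with 'allowLinking' set to 'true'. The function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from any real host).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/docs" docBase="docs" allowLinking="true"/>
        <Context path="/app" docBase="app"/>
      </Host>
    </Engine>
  </Service>
</Server>"""


def audit_tomcat_config(*xml_texts):
    """Check one or more Tomcat XML files for the advisory's two preconditions."""
    utf8_connectors, linking_contexts = [], []
    for text in xml_texts:
        root = ET.fromstring(text)
        # root.iter() includes the root element itself, so a standalone
        # context.xml whose root is <Context> is handled as well.
        for conn in root.iter("Connector"):
            # Case-insensitive match, ignoring the hyphen, so "utf8" is caught too.
            if conn.get("URIEncoding", "").replace("-", "").lower() == "utf8":
                utf8_connectors.append(conn.get("port", "?"))
        for ctx in root.iter("Context"):
            if ctx.get("allowLinking", "false").strip().lower() == "true":
                linking_contexts.append(ctx.get("path", ctx.get("docBase", "?")))
    return {
        "utf8_connectors": utf8_connectors,
        "linking_contexts": linking_contexts,
        # Both non-default settings must be present for the issue to be reachable.
        "exposed": bool(utf8_connectors and linking_contexts),
    }


if __name__ == "__main__":
    print(audit_tomcat_config(SAMPLE_SERVER_XML))
```

A result with "exposed" set to False does not replace the upgrade in the Solution section; it only shows that the non-default settings are absent from the files that were checked.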

Solution

Upgrade to Tomcat 6.0.18 / 5.5.27 / 4.1.37 or later. Note: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

See Also

http://www.securityfocus.com/archive/1/496168/30/0/threaded
http://www.securityfocus.com/archive/1/499356/30/0/threaded
http://www.securityfocus.com/archive/1/495318/30/0/threaded
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-4.html

Plugin Details

Severity: Medium

ID: 4621

Family: Web Servers

Published: 8/12/2008

Updated: 3/6/2019

Nessus ID: 33866

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Patch Publication Date: 8/11/2008

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-2938

BID: 30633