
Apache Tomcat < 6.0.18 UTF-8 Directory Traversal Arbitrary File Access

High

Synopsis

The remote web server is prone to a directory traversal attack.

Description

The version of Apache Tomcat installed on the remote host is affected by a directory traversal issue. By encoding directory traversal sequences as UTF-8 in a request, an unauthenticated remote attacker can leverage this issue to view arbitrary files on the remote host. Note that successful exploitation requires that a context be configured with 'allowLinking' set to 'true' and the connector with 'URIEncoding' set to 'UTF-8', neither of which is a default setting.

Solution

Upgrade to version 6.0.18 or higher.
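
The two non-default settings named in the description can be audited directly in the Tomcat configuration files. The following is an added example, not part of the original advisory: the function names, the sample server.xml and the ports and paths in it are constructed for illustration, and only the exact value 'UTF-8' is matched (other spellings of the charset name are not handled).

```python
import xml.etree.ElementTree as ET

FIXED = (6, 0, 18)  # first fixed release named in the advisory

# Constructed sample configuration, for illustration only.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/files" docBase="files" allowLinking="true"/>
        <Context path="/app" docBase="app"/>
      </Host>
    </Engine>
  </Service>
</Server>"""


def parse_version(text):
    """Turn '6.0.16' into (6, 0, 16) so versions compare as tuples."""
    return tuple(int(part) for part in text.strip().split("."))


def audit(version, *xml_docs):
    """Check the version and both preconditions across server.xml/context.xml text."""
    utf8_connectors, linking_contexts = [], []
    for doc in xml_docs:
        root = ET.fromstring(doc)
        # iter() also yields the root, so a standalone <Context> file is covered.
        for el in root.iter("Connector"):
            if el.get("URIEncoding", "").strip().upper() == "UTF-8":
                utf8_connectors.append(el.get("port", "?"))
        for el in root.iter("Context"):
            if el.get("allowLinking", "").strip().lower() == "true":
                linking_contexts.append(el.get("path", "(default)"))
    outdated = parse_version(version) < FIXED
    return {
        "outdated": outdated,
        "utf8_connectors": utf8_connectors,
        "linking_contexts": linking_contexts,
        # Per the advisory, both settings must be present on a pre-fix version.
        "exposed": outdated and bool(utf8_connectors) and bool(linking_contexts),
    }


if __name__ == "__main__":
    print(audit("6.0.16", SAMPLE_SERVER_XML))
```

Pass the text of server.xml together with every context descriptor the instance loads, since the two settings can live in different files.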