
Apache Tomcat 6.0.x < 6.0.45 / 7.0.x < 7.0.68 / 8.0.x < 8.0.30 Directory Traversal

Medium

Synopsis

The remote web server is missing an Apache Tomcat patch update.

Description

Apache Tomcat 6.0.x before 6.0.45, 7.0.x before 7.0.68, or 8.0.x before 8.0.30 is affected by a flaw: when handling a request for a directory that is missing a trailing slash, the server redirects to the URL with a trailing slash before enforcing access restrictions. This may allow a remote attacker to enumerate valid directories.

Solution

Update to Apache Tomcat version 8.0.30 or later. If version 8.0.x cannot be obtained, versions 7.0.68 and 6.0.45 are also patched for this vulnerability.
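To triage an inventory against the version ranges above, the following added example (not code from this plugin or from the Tomcat project) classifies version strings such as the `Server version:` line printed by Tomcat's `version.sh`. The function names, hostnames and sample banners are constructed for illustration.

```python
import re

# First fixed release on each affected branch, as listed in this advisory.
FIXED = {(6, 0): 45, (7, 0): 68, (8, 0): 30}

# "Apache Tomcat/7.0.67" anywhere in the string, or a bare "7.0.67".
_BANNER = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")
_BARE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)\s*")


def classify(banner):
    """Return 'affected', 'patched', 'not-covered' or 'unparsed'."""
    m = _BANNER.search(banner) or _BARE.fullmatch(banner)
    if not m:
        # e.g. a "Server: Apache-Coyote/1.1" header carries no Tomcat version
        return "unparsed"
    major, minor, patch = (int(g) for g in m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # Branch is not one of the three this advisory lists
        return "not-covered"
    # Compare as integers: as strings, "9" would sort after "30"
    return "affected" if patch < fixed else "patched"


def triage(inventory):
    """Return (host, status, banner) rows with affected hosts first."""
    rank = {"affected": 0, "unparsed": 1, "not-covered": 2, "patched": 3}
    rows = [(host, classify(b), b) for host, b in inventory.items()]
    return sorted(rows, key=lambda r: (rank[r[1]], r[0]))


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "app01.example.internal": "Server version: Apache Tomcat/7.0.67",
    "app02.example.internal": "Server version: Apache Tomcat/8.0.30",
    "app03.example.internal": "Apache-Coyote/1.1",
    "app04.example.internal": "8.0.9",
    "app05.example.internal": "Server version: Apache Tomcat/8.5.4",
}

if __name__ == "__main__":
    for host, status, banner in triage(SAMPLE):
        print(f"{status:12} {host:26} {banner}")
```

Hosts reported as `unparsed` need their version confirmed another way before they can be ruled in or out.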