Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Tomcat 6.0.x < 6.0.45 / 7.0.x < 7.0.68 / 8.0.x < 8.0.30 Directory Traversal



The remote web server is missing an Apache Tomcat patch update.


Apache Tomcat 6.0.x before 6.0.45, 7.0.x before 7.0.68, or 8.0.x before 8.0.30 is affected a flaw that is due to the program, when handling a request for a directory that is missing a trailing slash, redirecting to URLs with a trailing slash before enforcing access restrictions. This may allow a remote attacker to enumerate valid directories.


Update to Apache Tomcat version 8.0.30 or later. If version 8.0.x cannot be obtained, versions 7.0.68 and 6.0.45 are also patched for these vulnerabilities.