
Apache Tomcat 6.0.x < 6.0.45 / 7.0.x < 7.0.65 / 8.0.x < 8.0.27 Directory Traversal



The remote web server is missing an Apache Tomcat patch update.


Apache Tomcat 6.0.x before 6.0.45, 7.0.x before 7.0.65, or 8.0.x before 8.0.27 is affected by a flaw that allows traversal outside of a restricted path. The issue is due to the 'getResource()', 'getResourceAsStream()', and 'getResourcePaths()' ServletContext methods not properly sanitizing user input against path traversal sequences (e.g. '../'). With a specially crafted request, a remote attacker can gain access to a directory listing.


Update to Apache Tomcat version 8.0.27 or later. If version 8.0.x cannot be obtained, versions 7.0.65 and 6.0.45 are also patched for these vulnerabilities.
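
To triage an inventory against the version ranges above, the following added example (not part of the original advisory or of the scanner plugin) classifies Tomcat version strings per branch. It assumes input lines in the form printed by Tomcat's `version.sh` ("Server version" / "Server number") or a version-bearing banner; the function names and the sample inventory are constructed for illustration.

```python
import re

# First fixed release per branch, taken from the advisory text above.
FIXED = {(6, 0): (6, 0, 45), (7, 0): (7, 0, 65), (8, 0): (8, 0, 27)}

# Matches "Apache Tomcat/7.0.64" and "Server number:  7.0.64.0".
_VERSION_RE = re.compile(r"(?:Tomcat/|Server number:\s*)(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a version line, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(text):
    """Classify one version line as affected, patched, out-of-scope or unknown."""
    version = parse_version(text)
    if version is None:
        # Banner suppressed or unrelated string: do not assume it is safe.
        return ("unknown", "no version found; verify on the host")
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return ("out-of-scope",
                "branch %d.%d is not covered by this advisory" % version[:2])
    dotted = ".".join(str(n) for n in fixed)
    if version < fixed:  # tuple comparison, so 6.0.9 < 6.0.45
        return ("affected", "upgrade to %s or later" % dotted)
    return ("patched", "at or above %s" % dotted)


# Constructed sample inventory: hostname -> collected version line.
SAMPLE_INVENTORY = {
    "app01": "Server version: Apache Tomcat/6.0.44",
    "app02": "Server number:  7.0.65.0",
    "app03": "Server version: Apache Tomcat/8.0.26",
    "app04": "Apache-Coyote/1.1",
}


def triage_inventory(inventory):
    """Return {host: (status, detail)} for every entry in the inventory."""
    return {host: triage(line) for host, line in inventory.items()}


if __name__ == "__main__":
    for host, (status, detail) in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print("%-6s %-12s %s" % (host, status, detail))
```

Hosts reported as `unknown` need a local check, since a hidden or generic banner says nothing about the installed version.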