
Apache Tomcat < 6.0.18 UTF-8 Directory Traversal Arbitrary File Access

Medium

Synopsis

The remote web server is prone to a directory traversal attack.

Description

The version of Apache Tomcat installed on the remote host is affected by a directory traversal issue. By encoding directory traversal sequences as UTF-8 in a request, an unauthenticated remote attacker can leverage this issue to view arbitrary files on the remote host. Note that successful exploitation requires that a context be configured with 'allowLinking' set to 'true' and the connector with 'URIEncoding' set to 'UTF-8', neither of which is a default setting.

Solution

Upgrade to version 6.0.18 or higher.
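
A configuration audit for the two non-default preconditions named in the Description, combined with the fixed version from the Solution. This is an added example, not code from the scanner plugin or from Apache Tomcat. The sample `server.xml` is constructed, the function names are hypothetical, and the check assumes every version below 6.0.18 is in scope, as the title states.

```python
import xml.etree.ElementTree as ET

FIXED = (6, 0, 18)  # first fixed release, per the Solution above

# Constructed sample server.xml (not taken from a real host).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/docs" docBase="docs" allowLinking="true"/>
        <Context path="/app" docBase="app"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

def utf8_connectors(root):
    """Ports of <Connector> elements that decode URIs as UTF-8."""
    return [c.get("port", "?") for c in root.iter("Connector")
            if c.get("URIEncoding", "").strip().lower() in ("utf-8", "utf8")]

def linking_contexts(root):
    """Paths of <Context> elements with allowLinking enabled."""
    return [c.get("path", "(no path)") for c in root.iter("Context")
            if c.get("allowLinking", "").strip().lower() == "true"]

def audit(server_xml, version, context_xmls=()):
    """Report whether an old version and both preconditions coincide."""
    root = ET.fromstring(server_xml)
    connectors = utf8_connectors(root)
    contexts = linking_contexts(root)
    # Contexts may also live in separate fragments (e.g. conf/context.xml).
    for fragment in context_xmls:
        contexts += linking_contexts(ET.fromstring(fragment))
    outdated = tuple(int(p) for p in version.split(".")[:3]) < FIXED
    return {"utf8_connectors": connectors, "linking_contexts": contexts,
            "outdated": outdated,
            "exposed": bool(outdated and connectors and contexts)}

if __name__ == "__main__":
    print(audit(SAMPLE_SERVER_XML, "6.0.16"))
```

Pass the contents of any standalone context descriptors as `context_xmls`, since `allowLinking` is often set there rather than in `server.xml`.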