Apache Tomcat < 5.5.23 / 6.0.10 Directory Traversal Arbitrary File Access
Medium Log Correlation Engine Plugin ID 800604
SynopsisThe remote host is vulnerable to a directory traversal flaw.
DescriptionThe remote host is running the Apache Tomcat server. This version of Tomcat is vulnerable to a directory traversal flaw. An attacker exploiting this flaw would only need to be able to send a malformed request to the server. Successful exploitation would result in the attacker being able to read arbitrary files with the permission of the web server process. This can lead to disclosure of source code or confidential data.
SolutionUpgrade to version 5.5.23, 6.0.10 or higher.