Description:
Summary: Apache Tomcat is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Vulnerability Insight: Originally reported as a Tomcat vulnerability, the root cause of this issue is that the JVM does not correctly decode UTF-8 encoded URLs to UTF-8. This exposes a directory traversal vulnerability when the connector uses URIEncoding='UTF-8'. This directory traversal is limited to the docBase of the web application.
If a context is configured with allowLinking='true' then the directory traversal vulnerability is extended to the entire file system of the host server.
It should also be noted that setting useBodyEncodingForURI='true' has the same effect as setting URIEncoding='UTF-8' when processing requests with bodies encoded with UTF-8.
Although the root cause was quickly identified as a JVM issue affecting multiple JVMs from multiple vendors, it was decided to report this as a Tomcat vulnerability until such time as the JVM vendors provided updates to resolve this issue. For further information on the status of this issue for your JVM, contact your JVM vendor.
Vulnerability Impact: A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.
Affected Software/OS: Apache Tomcat versions before 4.1.39, 5.x before 5.5.27 and 6.x before 6.0.18 are vulnerable.
Solution: Update Apache Tomcat to version 4.1.39, 5.5.27 or 6.0.18 or later, which includes a workaround that protects against this and any similar character encoding issues that may still exist in the JVM.
CVSS Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
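The conditions described above can be checked against an installation's version and configuration. The following is an added example, not part of the original advisory or of Tomcat itself: the function names, the scope labels and the sample server.xml are constructed for illustration, and the check does not cover whether the JVM itself has been fixed.

```python
import xml.etree.ElementTree as ET

# First fixed release of each branch, as listed under "Affected Software/OS".
FIXED = {4: (4, 1, 39), 5: (5, 5, 27), 6: (6, 0, 18)}

def is_affected_version(version):
    """True when a dotted numeric version predates its branch's fixed release."""
    parts = tuple(int(p) for p in version.split("."))[:3]
    parts += (0,) * (3 - len(parts))
    if parts[0] < 4:                      # "versions before 4.1.39"
        return True
    fixed = FIXED.get(parts[0])
    return fixed is not None and parts < fixed

def assess(version, server_xml, context_xml=None):
    """Rate exposure from the Tomcat version and configuration text."""
    roots = [ET.fromstring(x) for x in (server_xml, context_xml) if x]
    utf8_connectors, linked_contexts = [], []
    for root in roots:
        for conn in root.iter("Connector"):
            if (conn.get("URIEncoding", "").upper() == "UTF-8"
                    or conn.get("useBodyEncodingForURI", "").lower() == "true"):
                utf8_connectors.append(conn.get("port", "?"))
        for ctx in root.iter("Context"):   # iter() also yields a <Context> root
            if ctx.get("allowLinking", "").lower() == "true":
                linked_contexts.append(ctx.get("path", "(default)"))
    # Coarse rating: allowLinking widens the reach only for the contexts listed.
    if not (is_affected_version(version) and utf8_connectors):
        scope = "none"
    elif linked_contexts:
        scope = "host file system"
    else:
        scope = "docBase"
    return {"connectors": utf8_connectors, "contexts": linked_contexts, "scope": scope}

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
  <Connector port="8009" protocol="AJP/1.3"/>
  <Engine name="Catalina" defaultHost="localhost"><Host name="localhost">
    <Context path="/files" docBase="files" allowLinking="true"/>
  </Host></Engine>
</Service></Server>"""

if __name__ == "__main__":
    print(assess("6.0.16", SAMPLE_SERVER_XML))
    print(assess("6.0.18", SAMPLE_SERVER_XML))
```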