Test ID: 1.3.6.1.4.1.25623.1.0.108476
Category: Web application abuses
Title: Apache Tomcat 'UTF-8' Directory Traversal Vulnerability
Summary: Apache Tomcat is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Description:
Summary:
Apache Tomcat is prone to a directory-traversal
vulnerability because it fails to sufficiently sanitize user-supplied input.

Vulnerability Impact:
A remote attacker could exploit this vulnerability using directory-traversal
strings (such as '../') to gain access to arbitrary files on the targeted system. This may
result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.

Affected Software/OS:
Apache Tomcat versions before 4.1.39, 5.x before 5.5.27 and 6.x before 6.0.18 are vulnerable.

Insight:
Although originally reported as a Tomcat vulnerability, the root cause of this issue is that
the JVM does not correctly decode UTF-8 encoded URLs. This exposes a directory traversal vulnerability when
the connector uses URIEncoding="UTF-8". This directory traversal is limited to the docBase of the web application.

If a context is configured with allowLinking="true" then the directory traversal vulnerability is extended to the
entire file system of the host server.

It should also be noted that setting useBodyEncodingForURI="true" has the same effect as setting URIEncoding="UTF-8"
when processing requests with bodies encoded with UTF-8.

Although the root cause was quickly identified as a JVM issue affecting multiple JVMs from multiple vendors,
it was decided to report this as a Tomcat vulnerability until such time as the JVM vendors provided updates to resolve
this issue. For further information on the status of this issue for your JVM, contact your JVM vendor.

Solution:
Update Apache Tomcat to version 4.1.39, 5.5.27 or 6.0.18 or later, which includes
a workaround that protects against this and any similar character encoding issues that may still exist in the JVM.
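As an added defender-side illustration (not part of the Greenbone test or the Tomcat project), the check below applies the version boundaries and configuration conditions stated above to a Tomcat version string and its server.xml/context.xml; the XML snippet is a constructed sample and the verdict strings are this example's own.

```python
"""Assess exposure to the Tomcat UTF-8 traversal issue from version + config.

Added example, not the Greenbone test. Fixed releases and attribute names
(URIEncoding, useBodyEncodingForURI, allowLinking) come from the advisory text.
"""
import xml.etree.ElementTree as ET

# Per branch: the first release that carries the workaround (advisory: before
# 4.1.39, 5.x before 5.5.27, 6.x before 6.0.18 are vulnerable).
FIXED = {4: (4, 1, 39), 5: (5, 5, 27), 6: (6, 0, 18)}


def parse_version(text):
    """'6.0.16' -> (6, 0, 16); a trailing qualifier such as '-beta' is dropped."""
    return tuple(int(p) for p in text.split("-")[0].split("."))


def version_vulnerable(version):
    """True when the version is below the fixed release of its major branch."""
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    return fixed is not None and v < fixed


def assess_config(server_xml, context_xml=""):
    """Return the configuration risk factors named in the advisory:
    a Connector decoding URIs as UTF-8 (URIEncoding or useBodyEncodingForURI)
    exposes traversal within docBase; a Context with allowLinking="true"
    extends it to the whole file system."""
    findings = []
    server = ET.fromstring(server_xml)
    for conn in server.iter("Connector"):
        if conn.get("URIEncoding", "").upper() == "UTF-8":
            findings.append("connector-URIEncoding-UTF-8")
        if conn.get("useBodyEncodingForURI", "").lower() == "true":
            findings.append("connector-useBodyEncodingForURI")
    contexts = list(server.iter("Context"))
    if context_xml:  # optional standalone META-INF/context.xml
        contexts.append(ET.fromstring(context_xml))
    if any(c.get("allowLinking", "").lower() == "true" for c in contexts):
        findings.append("context-allowLinking")
    return findings


def exposure(version, server_xml, context_xml=""):
    """Combine version and configuration into a single verdict string."""
    if not version_vulnerable(version):
        return "patched"
    found = assess_config(server_xml, context_xml)
    if not any(f.startswith("connector-") for f in found):
        return "update-advised"  # vulnerable build, but URIs not decoded as UTF-8
    if "context-allowLinking" in found:
        return "traversal-whole-filesystem"
    return "traversal-within-docBase"


# Constructed sample server.xml: UTF-8 connector plus a context allowing links.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
  <Engine name="Catalina"><Host name="localhost" appBase="webapps">
    <Context path="/files" docBase="files" allowLinking="true"/>
  </Host></Engine></Service></Server>"""

if __name__ == "__main__":
    print(exposure("6.0.16", SAMPLE_SERVER_XML))  # traversal-whole-filesystem
```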

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 30633
Common Vulnerability Exposure (CVE) ID: CVE-2008-2938
Bugtraq: 20080811 Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
http://www.securityfocus.com/archive/1/495318/100/0/threaded
Bugtraq: 20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/507729/100/0/threaded
https://www.exploit-db.com/exploits/6229
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
HPdes Security Advisory: HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
HPdes Security Advisory: SSRT090005
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
SuSE Security Announcement: SUSE-SR:2008:018
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
SuSE Security Announcement: SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
CERT/CC vulnerability note: VU#343355
http://www.kb.cert.org/vuls/id/343355
http://www.securityfocus.com/bid/30633
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587
http://secunia.com/advisories/37297
http://www.vupen.com/english/advisories/2008/2343
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0320
http://www.securitytracker.com/id?1020665
http://secunia.com/advisories/31639
http://secunia.com/advisories/31891
http://secunia.com/advisories/31865
http://secunia.com/advisories/32222
http://secunia.com/advisories/31982
http://secunia.com/advisories/33797
http://secunia.com/advisories/32120
http://secunia.com/advisories/32266
http://securityreason.com/securityalert/4148
XForce ISS Database: tomcat-allowlinking-utf8-directory-traversal(44411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2019 E-Soft Inc. All rights reserved.