(Sun Issues Fix for Solaris) Apache Tomcat Discloses Directory Listings to Remote Users
SecurityTracker Alert ID: 1020415
SecurityTracker URL: http://securitytracker.com/id/1020415
CVE Reference: CVE-2006-3835
Updated: Jul 2 2008
Original Entry Date: Jul 2 2008
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.0.28, 5.5.7, 5.5.9, and 5.5.12
Description:
A vulnerability was reported in Apache Tomcat. A remote user can view directory listings on the target system.
The software does not properly validate user-supplied input. A remote user can supply a specially crafted request for a file name that is prefixed with a semicolon and that carries a file extension mapped to Apache, and thereby view directory listings on the target system. The requested file name does not need to exist.
Some demonstration exploit URLs are provided:
http://[target]/;index.jsp
http://[target]/help/;help.do
ScanAlert's Enterprise Services Team discovered this vulnerability.
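As an added defender-side example (not part of the SecurityTracker entry and not Tomcat or ScanAlert code), the following Python script scans Apache/Tomcat access log lines for request paths in which a path segment begins with a semicolon, which is the pattern in the demonstration URLs above, and notes whether that segment carries one of the extensions the advisory names (.jsp, .do). The log lines, addresses and the extension list are constructed for the example and should be tuned to the deployment. Legitimate Tomcat path parameters such as `;jsessionid=` follow a file name rather than a slash, so they are not flagged by this heuristic.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access log lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Jul/2008:10:00:01 +0000] "GET /;index.jsp HTTP/1.1" 200 4521
203.0.113.5 - - [02/Jul/2008:10:00:02 +0000] "GET /help/;help.do HTTP/1.1" 200 3190
198.51.100.9 - - [02/Jul/2008:10:00:03 +0000] "GET /index.jsp;jsessionid=ABC123 HTTP/1.1" 200 812
198.51.100.9 - - [02/Jul/2008:10:00:04 +0000] "GET /help/index.html HTTP/1.1" 200 2048
"""

# Common Log Format: ip ident user [timestamp] "method target protocol" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Assumed list of extensions mapped from Apache to Tomcat; adjust to the real mod_jk/mod_proxy config.
MAPPED_EXTENSIONS = ('.jsp', '.do')


def semicolon_segment(target: str):
    """Return the first path segment that starts with ';', or None.

    urlsplit() keeps ';' path parameters inside .path, so '/index.jsp;jsessionid=X'
    yields segments ['', 'index.jsp;jsessionid=X'] and is not matched, while
    '/;index.jsp' yields ['', ';index.jsp'] and is.
    """
    path = urlsplit(target).path
    for segment in path.split('/'):
        if segment.startswith(';'):
            return segment
    return None


def suspicious_requests(log_text: str):
    """Scan log lines and return dicts for requests whose path has a ';'-prefixed segment.

    'mapped_ext' records whether the flagged segment ends with an extension that
    Apache forwards to Tomcat, the condition the advisory describes.
    """
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # malformed or non-CLF line; skip rather than crash
        segment = semicolon_segment(match['target'])
        if segment is None:
            continue
        hits.append({
            'ip': match['ip'],
            'target': match['target'],
            'status': int(match['status']),
            'mapped_ext': segment.lower().endswith(MAPPED_EXTENSIONS),
        })
    return hits


if __name__ == '__main__':
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; a 200 response to a flagged request whose file name does not exist on disk is the strongest indication that a listing was returned.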
Impact:
A remote user can view directory listings of web directories on the target system.
Solution:
Sun has issued a fix for Tomcat on Solaris.
SPARC Platform
* Solaris 10 with patch 122911-12 or later
x86 Platform
* Solaris 10 with patch 122912-12 or later
A fix for Solaris 9 is pending.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1

Vendor URL: tomcat.apache.org/
Cause: Input validation error
Underlying OS: UNIX (Solaris - SunOS)
Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents
[Original Message Not Available for Viewing]