*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Jamie Strandboge (jdstrand):

Severity: High
Impact: Remote File Disclosure
Vulnerable Version: prior to 6.0.18

As Apache Security Team, this problem occurs because of JAVA side.
If your context.xml or server.xml allows 'allowLinking' and 'URIencoding' as 'UTF-8', an attacker can obtain your important system files (e.g. /etc/passwd).

Reproducible: Always

Steps to Reproduce:
Exploit
If your webroot directory has three depth (e.g. /usr/local/wwwroot), an attacker can access arbitrary files as below. (Proof-of-concept)

http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar

References:
 - http://tomcat.apache.org/security.html
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938

** Affects: tomcat5.5 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: tomcat6 (Gentoo Linux)
     Importance: Unknown
         Status: Invalid

-- 
tomcat <6.0.18: Directory Traversal (CVE-2008-2938)
https://bugs.launchpad.net/bugs/256802
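In the proof-of-concept path above, %c0%ae is a two-byte overlong UTF-8 encoding of '.' (0x2E), so each %c0%ae%c0%ae segment decodes to "..". The following is an added example, not part of the original bug report or of Tomcat's code: a Python check that flags overlong UTF-8 sequences in request paths taken from access-log lines. The log lines, regexes and function names are constructed for illustration.

```python
import re

PCT = re.compile(rb"%([0-9A-Fa-f]{2})")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# (lead-byte mask, lead-byte pattern, continuation bytes, smallest legal code point)
FORMS = [(0xE0, 0xC0, 1, 0x80), (0xF0, 0xE0, 2, 0x800), (0xF8, 0xF0, 3, 0x10000)]

SAMPLE_LOG = [  # constructed access-log lines, not captured traffic
    '192.0.2.10 - - [12/Aug/2008:10:01:07 +0000] "GET /docs/index.html HTTP/1.1" 200 1043',
    '192.0.2.10 - - [12/Aug/2008:10:01:09 +0000] "GET /caf%C3%A9/menu.html HTTP/1.1" 200 2210',
    '192.0.2.77 - - [12/Aug/2008:10:02:31 +0000] '
    '"GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar HTTP/1.1" 200 512',
]

def percent_decode(path):
    """Undo one layer of %XX escaping and return the raw bytes."""
    return PCT.sub(lambda m: bytes([int(m.group(1), 16)]), path.encode("utf-8"))

def overlong_sequences(raw):
    """Return (offset, code point) for every overlong UTF-8 sequence in raw."""
    hits, i = [], 0
    while i < len(raw):
        step = 1
        for mask, lead, n, minimum in FORMS:
            tail = raw[i + 1:i + 1 + n]
            if raw[i] & mask != lead or len(tail) < n:
                continue
            if any(t & 0xC0 != 0x80 for t in tail):
                continue  # malformed, but not an overlong form
            cp = raw[i] & (mask ^ 0xFF)
            for t in tail:
                cp = (cp << 6) | (t & 0x3F)
            if cp < minimum:  # encoded with more bytes than the value needs
                hits.append((i, cp))
            step = 1 + n
            break
        i += step
    return hits

def suspicious_requests(log_lines):
    """Return (path, characters hidden in overlong form) per flagged request."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        hits = overlong_sequences(percent_decode(m.group(1))) if m else []
        if hits:
            findings.append((m.group(1), "".join(chr(cp) for _, cp in hits)))
    return findings
```

Calling suspicious_requests(SAMPLE_LOG) flags only the third line; the legitimate %C3%A9 (é) path is not reported because it uses the shortest encoding for its code point.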
