Apache Tomcat contains a vulnerability that may allow directory traversal.
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat contains a vulnerability in the way malformed requests are handled. According to the Apache Tomcat 6.x Vulnerabilities page:
If a context is configured with allowLinking="true" and the connector is configured with URIEncoding="UTF-8" then a malformed request may be used to access arbitrary files on the server.
This vulnerability affects versions 4.1.0-4.1.37, 5.5.0-5.5.26, and 6.0.0-6.0.16.
Note that we are aware of publicly available exploit code for this vulnerability.
A remote attacker could gain access to arbitrary files on the server.
Apply an update
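Until the update is applied everywhere, it helps to know which instances meet both conditions quoted above. The following audit sketch is an added example, not code from Apache or from this note: it parses a Tomcat `server.xml` (plus optional `context.xml` fragments) and reports connectors with `URIEncoding="UTF-8"`, contexts with `allowLinking="true"`, and whether a given version falls in the affected ranges listed here. The function names and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Affected version ranges as listed in this note (inclusive on both ends).
AFFECTED = [((4, 1, 0), (4, 1, 37)), ((5, 5, 0), (5, 5, 26)), ((6, 0, 0), (6, 0, 16))]

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
  <Connector port="8009" protocol="AJP/1.3"/>
  <Engine name="Catalina" defaultHost="localhost"><Host name="localhost">
    <Context path="/files" docBase="files" allowLinking="true"/>
    <Context path="/app" docBase="app"/>
  </Host></Engine>
</Service></Server>"""

def version_affected(version):
    """True if a dotted Tomcat version such as '6.0.16' is in a listed range."""
    v = tuple(int(p) for p in version.split(".")[:3])
    v += (0,) * (3 - len(v))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def audit(server_xml, context_xmls=(), version=None):
    """Report connectors and contexts matching the two quoted conditions."""
    docs = [ET.fromstring(server_xml)] + [ET.fromstring(x) for x in context_xmls]
    # Only server.xml defines connectors; "UTF8" is a Java alias for UTF-8.
    utf8_connectors = [
        c.get("port", "?") for c in docs[0].iter("Connector")
        if c.get("URIEncoding", "").strip().upper().replace("-", "") == "UTF8"
    ]
    # Contexts may live in server.xml or in separate context.xml fragments.
    linking_contexts = [
        c.get("path") or c.get("docBase") or "(unnamed)"
        for d in docs for c in d.iter("Context")
        if c.get("allowLinking", "").strip().lower() == "true"
    ]
    return {
        "utf8_connectors": utf8_connectors,
        "linking_contexts": linking_contexts,
        "config_exposed": bool(utf8_connectors and linking_contexts),
        "version_affected": None if version is None else version_affected(version),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_SERVER_XML, version="6.0.16"))
```

An instance where both `config_exposed` and `version_affected` are true should be prioritized for the update.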
This issue was reported by William A. Rowe of Apache.
Date First Published: 2008-08-19
Date Last Updated: 2008-08-19 20:29 UTC