Release Date | Jul 22, 2011 |
Severity | medium |
Impact | Information disclosure: Attackers may be able to bypass security restrictions and compromise vulnerable systems. |
Description | This indicates a possible attack against a Directory Traversal vulnerability in Apache Tomcat. This is caused by the vulnerable application's failure to sanitize user-supplied input. A successful attack may allow a remote attacker to view arbitrary local files and directories within the context of the webserver. |
Affected Products | Apache Software Foundation Tomcat 6.0 to 6.0.16; Apache Software Foundation Tomcat 5.5 to 5.5.26; Apache Software Foundation Tomcat 4.1 to 4.1.37 |
Recommended Actions | Upgrade to the latest version, available from the website: http://tomcat.apache.org/ |
Coverage | IPS; VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2008-2938 |
References | http://www.exploit-db.com/exploits/14489; http://www.frsirt.com/english/advisories/2008/2343 (FrSIRT); http://www.milw0rm.com/exploits/6229; http://www.securityfocus.com/bid/30633 (BugTraq) |