Tomcat vulnerability
Written by Rebecca Mints
Wednesday, 20 August 2008 11:48
US-CERT warns of a directory traversal issue in Apache Tomcat which could allow access to arbitrary files on the server. The Apache Foundation has released updates to address this vulnerability. The 6.0.18 release addresses the directory traversal issue. It also fixes other vulnerabilities, including two cross-site scripting flaws and an information disclosure issue.
The developers explained that if a context is configured with allowLinking="true" and the connector is configured with URIEncoding="UTF8" then a malformed request may give access to arbitrary files on the server.
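A way to check a Tomcat configuration for the combination described above. This is an added example, not code from the article or from the Tomcat project; the sample XML is constructed, the function name audit_tomcat_config is hypothetical, and treating "UTF-8" the same as "UTF8" is an assumption based on both being names for the same Java charset.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from a real deployment).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF8"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/files" docBase="files" allowLinking="true"/>
        <Context path="/app" docBase="app"/>
      </Host>
    </Engine>
  </Service>
</Server>"""


def _is_utf8(value):
    # Assumption: "UTF8" and "UTF-8" name the same charset, in any letter case.
    return value is not None and value.replace("-", "").strip().lower() == "utf8"


def audit_tomcat_config(*xml_texts):
    """Scan server.xml and context file contents given as strings.

    Returns (utf8_connector_ports, linking_context_paths, at_risk).
    """
    connectors, contexts = [], []
    for text in xml_texts:
        root = ET.fromstring(text)
        # iter() also yields the root, so a stand-alone <Context> file works.
        connectors += [c.get("port", "?") for c in root.iter("Connector")
                       if _is_utf8(c.get("URIEncoding"))]
        contexts += [c.get("path", "?") for c in root.iter("Context")
                     if (c.get("allowLinking") or "").strip().lower() == "true"]
    # The condition in the advisory needs both settings present together.
    return connectors, contexts, bool(connectors and contexts)


if __name__ == "__main__":
    ports, paths, at_risk = audit_tomcat_config(SAMPLE_SERVER_XML)
    print("Connectors with UTF-8 URIEncoding:", ports)
    print("Contexts with allowLinking=true:", paths)
    print("Matches the advisory's condition:", at_risk)
```

Contexts are often defined outside server.xml, so pass the contents of each context file as additional arguments. A match is a reason to confirm the server runs the 6.0.18 release mentioned above.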