Tomcat vulnerability
Written by Rebecca Mints
Wednesday, 20 August 2008 11:48
US-CERT warns of Tomcat vulnerability. The US-CERT warns of a directory traversal issue in Apache Tomcat which could allow access to arbitrary files on the server. The Apache Foundation has released updates to address this vulnerability. The 6.0.18 release addresses the directory traversal issue. It also fixes other vulnerabilities, including two cross-site scripting flaws and an information disclosure issue.
The developers explained that if a context is configured with allowLinking="true" and the connector is configured with URIEncoding="UTF8" then a malformed request may give access to arbitrary files on the server.
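
A configuration check for the combination described above, as an added example that is not part of the original article or of Tomcat's own code: it parses server.xml and context.xml text and reports connectors whose URIEncoding is UTF-8 alongside contexts with allowLinking="true". The sample XML is constructed, and treating the "UTF8" and "UTF-8" spellings as equivalent is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from a real server).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/files" docBase="files" allowLinking="true"/>
        <Context path="/app" docBase="app"/>
      </Host>
    </Engine>
  </Service>
</Server>"""


def _is_utf8(value):
    # Assumption: "UTF8", "UTF-8" and "utf_8" all name the same encoding.
    return (value or "").replace("-", "").replace("_", "").strip().lower() == "utf8"


def audit(*xml_texts):
    """Merge findings from several config files (server.xml, context.xml ...).

    Returns (utf8_connector_ports, linking_context_names, combination_present).
    """
    ports, contexts = [], []
    for text in xml_texts:
        root = ET.fromstring(text)
        # iter() also yields the root, so a stand-alone context.xml whose
        # root element is <Context> is covered.
        for conn in root.iter("Connector"):
            if _is_utf8(conn.get("URIEncoding")):
                ports.append(conn.get("port", "?"))
        for ctx in root.iter("Context"):
            if (ctx.get("allowLinking") or "").strip().lower() == "true":
                contexts.append(ctx.get("path", ctx.get("docBase", "(default)")))
    # The article's condition needs both settings at once.
    return ports, contexts, bool(ports and contexts)


if __name__ == "__main__":
    ports, contexts, present = audit(SAMPLE_SERVER_XML)
    print("Connectors with UTF-8 URIEncoding:", ports)
    print("Contexts with allowLinking=true:", contexts)
    print("Combination present:", present)
```

Pass every configuration file of one Tomcat instance in a single call, since contexts are often defined outside server.xml.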