Apache Tomcat 6.0.20 and 5.5.28 unexpected file deletion in work directory

2010.01.29
Credit: Mark Thomas
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-2000


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be also affected. Description: When deploying WAR files, the WAR file names were not checked for directory traversal attempts. This allows an attacker to cause the deletion of the current contents of the host's work directory which may cause problems for currently running applications. Mitigation: 6.0.x users should upgrade to 6.0.24 or apply this patch: http://svn.apache.org/viewvc?rev=892815&view=rev 5.5.x users should upgrade to 5.5.29 when released or apply this patch: http://svn.apache.org/viewvc?rev=902650&view=rev Note: the patches also address CVE-2009-2693 and CVE-2009-2901. Alternatively, users of all Tomcat versions may mitigate this issue by manually validating the contents of untrusted WAR files before deployment. Example: Deploying and undeploying a WAR named "...war" causes the all files and subdirectories in "work/<engine name>/<host name>" to be removed. Credit: This issue was discovered by the Apache Tomcat security team References: [1] http://tomcat.apache.org/security.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJLXMGKAAoJEBDAHFovYFnnU3sP/2qKA+k8nmXoowqeUKfgTZyg EJAtLvuTHFViDFeA7tDrh18pMzWUfPCu/sU8qXaiY71Dw6Fa8zcJ1SksP/WB4jmN UDuSj9vm5INxjbANnniSpZ5+tfLukPz9I3vFIIpmT4xO2aGnbqTUWPmVb2Oitapp ePH35D0OldLIL8O4TmdTK5LPw/qufbvEtegTlryJeyO9kWvqmK54W2cs60i+txiD zwzoRJgmNd7e/DS8+jrGrSFgLiFQlEQraQ99OvvU9bi7DofEUA1HuxPV94Ck8oMc xbcNlAgSMuqc0PuIff68rXP3M/4M96j/BFRRLsAqUPfXBZQBZ6vc/uOVG2JriIQU psksw1zTf8pbUTtuY6EUry3SspTHWcMGJfoxtrXa0nVxGnTg5XI/joipbCbbcF6p 0npKt3IIEH6JYtZ2DbSO0w6QjFnCVV5v0mB1LrMQDy0SzfcYf6G0MnmD6hLYNsdz 83TRgicGCfcSqZdiZDJ2Kngwnjl/oHYx2A1SVOc4q0NoIlFnzF9qMqiLM5hM87LT 3FaFsDmeFwhUxo4JRGAFA+ft1UrYufCvCQy+ZW6fxPIW2Qz9aEq63MDVojdd2yf7 Z9JApNAiO6q1cJukOaworJiv1cbcZHp0SaWDJQIo4VFT2APD2DFU79vCseIusX4e jcy9btzWclss+2hAA/XQ =kJa8 -----END PGP SIGNATURE-----

References:

http://xforce.iss.net/xforce/xfdb/55857
http://www.vupen.com/english/advisories/2010/0213
http://www.securityfocus.com/bid/37945
http://www.securityfocus.com/archive/1/archive/1/509150/100/0/threaded
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://svn.apache.org/viewvc?rev=902650&view=rev
http://svn.apache.org/viewvc?rev=892815&view=rev
http://securitytracker.com/id?1023504
http://secunia.com/advisories/38346
http://secunia.com/advisories/38316


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top