Apache Tomcat 8.0.26 Limited Directory Traversal

Published
Credit
Risk
2016.02.23
Apache Tomcat security team
Medium
CWE
CVE
Local
Remote
CWE-22
CVE-2015-5174
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2015-5174 Apache Tomcat Limited Directory Traversal

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
- - Apache Tomcat 6.0.0 to 6.0.44
- - Apache Tomcat 7.0.0 to 7.0.64
- - Apache Tomcat 8.0.0.RC1 to 8.0.26
- - Apache Tomcat 9 is not affected
- - Earlier, unsupported Tomcat versions may be affected

Description:
When accessing resources via the ServletContext methods getResource()
getResourceAsStream() and getResourcePaths() the paths should be limited
to the current web application. The validation was not correct and paths
of the form "/.." were not rejected. Note that paths starting with
"/../" were correctly rejected.
This bug allowed malicious web applications running under a security
manager to obtain a directory listing for the directory in which the web
application had been deployed. This should not be possible when running
under a security manager. Typically, the directory listing that would be
exposed would be for $CATALINA_BASE/webapps.

Mitigation:
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Tomcat 8.0.27 or later
- - Upgrade to Apache Tomcat 7.0.65 or later
- - Upgrade to Apache Tomcat 6.0.45 or later


Credit:
This issue was discovered by the Apache Tomcat security team.

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html
[4] http://tomcat.apache.org/security-6.html








-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWyu+JAAoJEBDAHFovYFnnubgQAICDB8mbxG4KbSDT1YAcqjJd
lToWRjRKVd0UzIaOZFUmqV0Ap7o181xMfQpSfGZSAAukF7+zTcX33O+cklTkZaw/
yjprJSI942enkWlGygiJxIH8DUadGa62iTMyhXmpqLqkD5ura5sSNEdzir7aEnUw
P8vLdpmfbdUqNn9Qv1L27btm5+lU6OU+I8nBTB5ESyDxjhVrpc1d8GVcRaXh0mU4
56oeIAJg7O9ozXrIQa692K4pAV+VqZFb52Vwk3XiNENn0VjwM2W7PAqy+vtAfkLt
wt5SDVjoXuCW1jBTjTU+hmxzDziN0WzgVMgFsSVZg0lyU/H837e/bOOmNVA1dfGD
F6Ln40a1eYkZQ6eXK9SPmz36OnU/akM3+rcDEz9e9spvbe/c4oH5T3/yZwmsONSO
4G+9JyMCg/YKWl2+YIJSGGxO1khaLbXZvyvVwkpq0IzJZ/ZhTp7BQY+DYb4axVY3
QLBx6/XzoIRfLxf1lpvUakGw8P/0y2BPHRa+3b0WDJSElD4H6KAQd+q5vb1eyK6+
0bNPLYd9AyxYwaIuZMk2WtT+pQO0R3Ao6mVBNFk8K/YJj7msMsS4feI76I2LYLT0
WCLKWb/noO8oPmjYk6a7AZKncT9nASN+rCfbXedw6F+COxfVjuddbttsGza2oH7o
NKmM5mCdDfQztF3uOTnu
=aYIY
-----END PGP SIGNATURE-----


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com