Check Point Advisories

Preemptive Protection against Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability

Check Point Reference: CPAI-2008-134
Date Published: 19 Aug 2008
Severity: High
Last Updated: Friday 22 August, 2008
Source: Apache Tomcat
Industry Reference: CVE-2008-2938
Protection Provided by:
Who is Vulnerable? Apache Software Foundation Tomcat Prior to 6.0.18
Vulnerability Description: A directory traversal vulnerability was reported in Apache Tomcat. Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies, and is a popular and common platform for deploying web applications. This vulnerability allows a hacker to access normally inaccessible files and directories through a specially crafted HTTP request. Instead of having access only to the publicly available files, the hacker can access all files on that server.

Update/Patch Available: Update to version 6.0.18:
Apache Tomcat
Vulnerability Details: The vulnerability is due to an input validation error in Apache Tomcat, which fails to properly sanitize the URI for directory traversal patterns. A remote attacker may trigger this issue by specially crafting an HTTP request and sending it to an affected server. Successful exploitation of this vulnerability may allow the attacker to disclose or access arbitrary files on the target system.
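
The advisory title names the two Tomcat settings involved, allowLinking and URIEncoding. As an added example (not Check Point's or Apache's code), the Python below audits a server.xml for the combination the CVE-2008-2938 record describes, a Context with allowLinking="true" together with a Connector using URIEncoding="UTF-8", on a version earlier than 6.0.18. The sample configuration is constructed, `audit_tomcat` is a hypothetical helper name, and Contexts defined in other files (context.xml) would need the same check.

```python
import xml.etree.ElementTree as ET

FIXED_VERSION = (6, 0, 18)  # from the advisory: versions prior to 6.0.18 are vulnerable

# Constructed sample server.xml, not taken from any real deployment.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/shop" docBase="shop" allowLinking="true"/>
        <Context path="/docs" docBase="docs"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""

def parse_version(text):
    """Turn '6.0.16' into (6, 0, 16) for ordered comparison."""
    return tuple(int(part) for part in text.strip().split("."))

def audit_tomcat(config_xml, version):
    """Report the allowLinking + UTF-8 URIEncoding exposure for one config file."""
    root = ET.fromstring(config_xml)
    # Connectors that decode request URIs as UTF-8 (accepts 'UTF-8' or 'utf8').
    utf8_ports = [c.get("port", "?") for c in root.iter("Connector")
                  if (c.get("URIEncoding") or "").replace("-", "").upper() == "UTF8"]
    # Contexts that follow symbolic links out of the web application root.
    linking_paths = [c.get("path", "") for c in root.iter("Context")
                     if (c.get("allowLinking") or "").lower() == "true"]
    risky = bool(utf8_ports and linking_paths)
    outdated = parse_version(version) < FIXED_VERSION
    return {
        "utf8_connector_ports": utf8_ports,
        "allow_linking_contexts": linking_paths,
        "risky_config": risky,
        "needs_update": outdated,
        "vulnerable": risky and outdated,
    }

if __name__ == "__main__":
    for ver in ("6.0.16", "6.0.18"):
        print(ver, audit_tomcat(SAMPLE_SERVER_XML, ver))
```
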

Protection Overview
