[NT] Apache Tomcat Path Disclosure

From: support@securiteam.com
Date: 06/20/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Thu, 20 Jun 2002 07:41:15 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Apache Tomcat Path Disclosure
------------------------------------------------------------------------

SUMMARY

A security vulnerability in Apache's Tomcat makes it is possible to
disclose the physical path of the webroot. This information could be
useful to a malicious user wishing to gain illegal access to resources on
the server.

DETAILS

Vulnerable systems:
 - Apache Tomcat 4.0.3 on Windows 2000 Server

Immune systems:
 - Apache Tomcat 4.1.3 beta on Windows 2000 Server

A request for e.g. LPT9 results in a java error, which contains the
physical path to the webroot:

"java.io.FileNotFoundException: C:\Program Files\Apache Tomcat
4.0\webapps\ROOT\lpt9 (The system cannot find the file specified)"

Vendor Response:
This was reported to the vendor on the 23rd of May, 2002. We never heard
back from the vendor. On the 10th of June, 2002, the issue was confirmed
fixed in the latest build.

Corrective action:
Upgrade to V4.1.3 beta, which is available here (URL is wrapped):
 
<http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.3-beta/>
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.3-beta/

ADDITIONAL INFORMATION

The information has been provided by <mailto:pgrundl@kpmg.dk> Peter
Gründl.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages