[NT] Apache Tomcat Path Disclosure
From: support@securiteam.comDate: 06/20/02
- Previous message: support@securiteam.com: "[NT] Lumigent Log Explorer Extended Stored Procedures Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Thu, 20 Jun 2002 07:41:15 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Apache Tomcat Path Disclosure
------------------------------------------------------------------------
SUMMARY
A security vulnerability in Apache's Tomcat makes it is possible to
disclose the physical path of the webroot. This information could be
useful to a malicious user wishing to gain illegal access to resources on
the server.
DETAILS
Vulnerable systems:
- Apache Tomcat 4.0.3 on Windows 2000 Server
Immune systems:
- Apache Tomcat 4.1.3 beta on Windows 2000 Server
A request for e.g. LPT9 results in a java error, which contains the
physical path to the webroot:
"java.io.FileNotFoundException: C:\Program Files\Apache Tomcat
4.0\webapps\ROOT\lpt9 (The system cannot find the file specified)"
Vendor Response:
This was reported to the vendor on the 23rd of May, 2002. We never heard
back from the vendor. On the 10th of June, 2002, the issue was confirmed
fixed in the latest build.
Corrective action:
Upgrade to V4.1.3 beta, which is available here (URL is wrapped):
<http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.3-beta/>
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.3-beta/
ADDITIONAL INFORMATION
The information has been provided by <mailto:pgrundl@kpmg.dk> Peter
Gründl.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] Lumigent Log Explorer Extended Stored Procedures Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NT] BEA WebLogic Performance Pack Denial of Service
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... If the performance pack
is enabled, the BEA WebLogic Server can be crashed ... Vendor response: ...
(Securiteam) - Re: TS access and Virus issue
... > I have a vendor that wants to have access to an application on my server, ...
This is a financial database that the vendor would be ... > also worried about overall
security on the vendor site, ... You do have a firewall don't ... (microsoft.public.win2000.security) - TS access and Virus issue
... I have a vendor that wants to have access to an application on my server, ...
Is my concern about viruses valid, or do I have nothing to worry about? ... to my server
and he has security breach then my security is breached also.. ... (microsoft.public.win2000.security) - [Full-disclosure] Directory Listing in Apache Tomcat 5.x.x
... ScanAlert Security Advisory ... Apache Tomcat is the servlet container
that is used in the official ... Apache Tomcat can be forced to reveal a complete directory
listing for any ... ScanAlert's mission is to make the web safe from hackers. ...
(Full-Disclosure) - [Full-disclosure] Directory Listing in Apache Tomcat 5.x.x
... ScanAlert Security Advisory ... Apache Tomcat is the servlet container
that is used in the official ... Apache Tomcat can be forced to reveal a complete directory
listing for any ... ScanAlert's mission is to make the web safe from hackers. ...
(Full-Disclosure)