Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)
From: firstname.lastname@example.org
Date: 29 May 2002 13:32:29 -0000
From: <email@example.com>
To: firstname.lastname@example.org
Procheckup Security Bulletin PR02-06
Description: Tomcat realPath.jsp gives location of web
Application: Apache Tomcat Java server versions 3.23 and
Severity: Remote attackers can obtain the location of
Authors: Richard Brain [email@example.com]
CVE Candidate: Not assigned
Tomcat is the free opensource Java server,
An example program is provided with Tomcat under the
http://webserver/test directory which gives the location of
The test page of "http://webserver/test" displays the
following message :-
"This is the home page of the test hierarchy. It doesn't do
too much good to look at it directly... Instead, why don't
you run the tests to find out what you might want to know.
Oh, by the way, merry christmas.. :)"
The vulnerabilities may only work on port 8080 rather than
port 80, depending on how the web server has been configured.
A) Requesting the following URL :-
Displays the following:-
The virtual path is /test/realPath.jsp
The real path is "WEBROOT"/test/test/realPath.jsp
The real path is "WEBROOT"/test/realPath.jsp
Delete the realPath.jsp program.
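Before the example hierarchy is removed, an administrator will usually want to know whether the realPath.jsp page has already been requested. The following Python script is an added example, not part of the Procheckup bulletin or of Tomcat itself: it parses access-log lines in the common/combined format (as Tomcat's AccessLogValve writes them), percent-decodes and case-folds the request path, and reports every request into the /test hierarchy, flagging hits on /test/realPath.jsp separately. The log lines are constructed samples, and treating any path under /test/ as worth reviewing is this script's own assumption.

```python
import re
from urllib.parse import unquote

# Path of the disclosure page named in the bulletin.
DISCLOSURE_PAGE = "/test/realpath.jsp"

# Any request into the example test hierarchy is reported (assumption: the
# whole /test webapp is an example application that should not be deployed).
EXAMPLE_APP_RE = re.compile(r"^/test(/|$)")

# Common Log Format prefix, which the combined format extends with referer
# and user-agent fields that this parser simply ignores.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Drop the query string, percent-decode (so /%74est is seen as /test) and
    # lower-case the path; Tomcat on Windows serves paths case-insensitively.
    raw_path = rec["path"].split("?", 1)[0]
    rec["path"] = unquote(raw_path).lower()
    rec["status"] = int(rec["status"])
    return rec


def find_example_app_requests(lines):
    """Return parsed records for every request into the /test hierarchy."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not EXAMPLE_APP_RE.match(rec["path"]):
            continue
        rec["disclosure_page"] = rec["path"] == DISCLOSURE_PAGE
        hits.append(rec)
    return hits


def summarize_by_client(hits):
    """Count matching requests per client address."""
    counts = {}
    for rec in hits:
        counts[rec["host"]] = counts.get(rec["host"], 0) + 1
    return counts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [29/May/2002:13:32:29 +0000] "GET /test/realPath.jsp HTTP/1.0" 200 312',
    '10.0.0.5 - - [29/May/2002:13:32:40 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '10.0.0.7 - - [29/May/2002:13:33:01 +0000] "GET /test/ HTTP/1.0" 200 512',
    '10.0.0.9 - - [29/May/2002:13:33:10 +0000] "GET /%74est/realPath.jsp?x=1 HTTP/1.1" 200 312',
    'garbage line that does not parse',
    '10.0.0.5 - - [29/May/2002:13:34:00 +0000] "GET /testing/page.jsp HTTP/1.0" 404 -',
]

if __name__ == "__main__":
    found = find_example_app_requests(SAMPLE_LOG)
    for rec in found:
        flag = "DISCLOSURE PAGE" if rec["disclosure_page"] else "example app"
        print(f"{rec['time']} {rec['host']} {rec['method']} {rec['path']} "
              f"{rec['status']} [{flag}]")
    print("requests per client:", summarize_by_client(found))
```

Feeding the script a real log file is a matter of passing its lines to find_example_app_requests; a non-empty result for the disclosure page means the web root location should be assumed known to that client, which is worth remembering when reviewing other requests from the same address. Note that /testing/page.jsp is deliberately not reported, since only the /test context itself is the example application.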
Copyright 2002 Procheckup Ltd. All rights reserved.
Permission is granted for copying and circulating this to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such distribution is performed for non-commercial purposes. Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third