|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
Keywords |
HPSBUX02262,SSRT071447
|
|
Description |
Apache Tomcat JK Web Server Connector contains a flaw that allows a remote attacker to access files on the AJP backend outside of the web root. The issue is due to a failure of handling double encoded ".." in a URL, specifically directory traversal style attacks.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 1.2.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Tomcat JK Web Server Connector
 |
1.2.22 |
1.2.21 |
1.2.20 |
1.2.19 |
1.2.18 |
1.2.17 |
1.2.16 |
1.2.15 |
1.2.14 |
1.2.13 |
1.2.12 |
1.2.11 |
1.2.10 |
1.2.9 |
1.2.8 |
1.2.7 |
1.2.6 |
1.2.5 |
1.2.4 |
1.2.3 |
1.2.2 |
1.2.1 |
1.2.0 |
|
|
|
|
|
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
