OSVDB ID: 71558

Title: Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation

Dates

Disclosure: Feb 08, 2011
Discovery: Unknown
Exploit: Unknown
Solution: Feb 07, 2011

Description

Apache Tomcat contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the 'SecurityManager' not properly making the 'ServletContext' attribute read-only, allowing for directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 5.5.33, 6.0.32, 7.0.8 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The Apache Software Foundation

Tomcat

5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.5.10
5.5.11
5.5.12
5.5.13
5.5.14
5.5.15
5.5.16
5.5.17
5.5.18
5.5.19
5.5.20
5.5.21
5.5.22
5.5.23
5.5.24
5.5.25
5.5.26
5.5.27
5.5.28
5.5.29
5.5.30
5.5.31
5.5.32
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16
6.0.17
6.0.18
6.0.19
6.0.20
6.0.21
6.0.22
6.0.23
6.0.24
6.0.25
6.0.26
6.0.27
6.0.28
6.0.29
6.0.30
6.0.31
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7

Novell, Inc.

Sentinel Log Manager

1.2.0.0

Hewlett-Packard Development Company, L.P.

HP-UX

B.11.23
B.11.31

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/71558