Description As Apache Security Team, this problem occurs because of JAVA side. If your context.xml or server.xml allows ‘allowLinking’and ‘URIencoding’ as ‘UTF-8′, an attacker can obtain your important system files.(e.g. /etc/passwd)
Exploit If your webroot directory has three depth(e.g /usr/local/wwwroot), An attacker can access arbitrary files as below. (Proof-of-concept) http://www.target.com/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/foo/bar
Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability.
Anche se questo mi sembra un tantinello più pericoloso IMHO!
Nessun post correlato.
