HTTP: Apache Tomcat Server Directory Traversal

This signature detects attempts to exploit a known directory traversal vulnerability in Apache Tomcat. A successful attacker can traverse directories on the server and access areas of the system that were not intended to be reachable externally.

Extended Description

Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot, which can expose sensitive information that could help the attacker launch further attacks. Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable.

Affected Products

Apache_software_foundation tomcat

Short Name
HTTP:TOMCAT:DIR-TRAV
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Apache CVE-2007-0450 CVE-2013-1605 Directory Server Tomcat Traversal bid:22960 bid:67244
Release Date
07/21/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Apache_software_foundation

Red_hat

Suse

Apple

Gentoo

Sun

Computer_associates

Avaya

Fujitsu

Mandriva

Vmware

CVSS Score

7.5

5.0
