Apache Tomcat Servlet Engine Directory Traversal
Gravità: : Medio
Identificatori CVE: CVE-2007-0450
Data notifica: 21 luglio 2015
Descrizione
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000967
Trend Micro Deep Security DPI Rule Name: 1000967 - Apache Tomcat Servlet Engine Directory Traversal
Software e versione interessati:
- Apache Software Foundation Apache HTTP Server _null_
- Apache Software Foundation Tomcat 5.0.19
- Apache Software Foundation Tomcat 5.0.28
- Apache Software Foundation Tomcat 5.5.0
- Apache Software Foundation Tomcat 5.5.1
- Apache Software Foundation Tomcat 5.5.10
- Apache Software Foundation Tomcat 5.5.11
- Apache Software Foundation Tomcat 5.5.12
- Apache Software Foundation Tomcat 5.5.13
- Apache Software Foundation Tomcat 5.5.14
- Apache Software Foundation Tomcat 5.5.15
- Apache Software Foundation Tomcat 5.5.16
- Apache Software Foundation Tomcat 5.5.17
- Apache Software Foundation Tomcat 5.5.18
- Apache Software Foundation Tomcat 5.5.19
- Apache Software Foundation Tomcat 5.5.2
- Apache Software Foundation Tomcat 5.5.20
- Apache Software Foundation Tomcat 5.5.21
- Apache Software Foundation Tomcat 5.5.22
- Apache Software Foundation Tomcat 5.5.3
- Apache Software Foundation Tomcat 5.5.4
- Apache Software Foundation Tomcat 5.5.5
- Apache Software Foundation Tomcat 5.5.6
- Apache Software Foundation Tomcat 5.5.7
- Apache Software Foundation Tomcat 5.5.8
- Apache Software Foundation Tomcat 5.5.9
- Apache Software Foundation Tomcat 6.0.9