Apache Tomcat is an HTTP web server and an implementation of the Java Servlet and JavaServer Pages technologies; it provides the servlet container used to develop and deploy Java-based web applications. A vulnerability was recently found in it that allows a remote attacker to perform a directory traversal attack.
When the server uses the RequestDispatcher, it performs path normalization before removing the query string from the URI. Because the query string is still part of the string being normalized, a ".." segment placed inside a request parameter value is applied to the path itself. A remote attacker who can get an application to append unvalidated request data to the path it passes to forward() or include() can therefore craft a URI with a specially crafted request parameter and gain access to content protected by a security constraint, or to content that the application protected by placing it under the WEB-INF directory (which is normally not directly accessible to clients).
For example, if a web page contains code such as the following:
<%
    // The "arbitraryname" parameter is appended to the forward path without
    // validation or encoding, so its value can contain path segments.
    pageContext.forward("/page2.jsp?somepar=someval&par=" + request.getParameter("arbitraryname"));
%>
Here, an attacker can use a URI of the following form to conduct the attack:
http://websitename/page.jsp?arbitraryname=/../WEB-INF/web.xml
The path handed to forward() becomes /page2.jsp?somepar=someval&par=/../WEB-INF/web.xml. A server that normalizes this string before stripping the query string treats "page2.jsp?somepar=someval&par=" as a single path segment, which the following ".." removes, so the forward target collapses to /WEB-INF/web.xml and the deployment descriptor is served to the attacker.
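The following is an added example, not code from the page or from Tomcat: a small Python simulation of the normalization-order bug described above. normalize(), split_query(), vulnerable_dispatch_path(), fixed_dispatch_path(), is_protected_path() and the two build_forward_uri helpers are assumptions made for the demonstration; the attack value is the constructed one from the advisory. It shows the vulnerable order (normalize, then strip the query string) collapsing the forward path to /WEB-INF/web.xml, the corrected order leaving the path at /page2.jsp, and the application-side mitigation of percent-encoding the parameter value before concatenating it.

```python
# Added example: a simulation of the RequestDispatcher normalization-order bug.
# Illustrative code, not Tomcat's implementation; all helper names are assumptions.
from urllib.parse import quote


def normalize(path):
    """Remove '.' and '..' segments from an absolute path.

    Returns None when a '..' would climb above the web application root,
    which a server should reject as an invalid path.
    """
    segments = []
    for segment in path.split("/"):
        if segment == "..":
            if not segments:
                return None
            segments.pop()
        elif segment not in ("", "."):
            segments.append(segment)
    return "/" + "/".join(segments)


def split_query(uri):
    """Split a request URI into (path, query); the query may be empty."""
    path, _, query = uri.partition("?")
    return path, query


def vulnerable_dispatch_path(uri):
    """Wrong order: normalize the whole URI, then strip the query string.

    The query string is still present during normalization, so a '..' inside
    a parameter value is applied to the path.
    """
    normalized = normalize(uri)
    if normalized is None:
        return None
    path, _ = split_query(normalized)
    return path


def fixed_dispatch_path(uri):
    """Correct order: strip the query string first, then normalize the path."""
    path, _ = split_query(uri)
    return normalize(path)


def is_protected_path(path):
    """Forward targets under WEB-INF or META-INF must never come from user input."""
    upper = path.upper()
    return (upper.startswith("/WEB-INF/") or upper.startswith("/META-INF/")
            or upper in ("/WEB-INF", "/META-INF"))


def build_forward_uri(arbitraryname):
    """Mirrors the vulnerable JSP above: user input is concatenated unencoded."""
    return "/page2.jsp?somepar=someval&par=" + arbitraryname


def build_forward_uri_encoded(arbitraryname):
    """Application-side mitigation: percent-encode the parameter value so that
    '/' and '..' cannot form path segments (safe='' also encodes '/')."""
    return "/page2.jsp?somepar=someval&par=" + quote(arbitraryname, safe="")


if __name__ == "__main__":
    payload = "/../WEB-INF/web.xml"  # constructed attacker value for ?arbitraryname=
    uri = build_forward_uri(payload)
    print("forward URI       :", uri)
    print("vulnerable server :", vulnerable_dispatch_path(uri))
    print("fixed server      :", fixed_dispatch_path(uri))
    print("encoded parameter :", vulnerable_dispatch_path(build_forward_uri_encoded(payload)))
```

Encoding the parameter value keeps attacker-controlled "/" and ".." out of the path segments of the string the application hands to forward(); it is defense in depth for the application, not a substitute for running a server that strips the query string before normalizing. Checking the resolved target with is_protected_path() before dispatching is a second cheap guard.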