Apache Tomcat 5.x/6.0.x - Directory Traversal

EDB-ID:

29739




Platform:

Linux

Date:

2007-03-14


source: https://www.securityfocus.com/bid/22960/info

Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks.

Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. 

http://www.example.com/foo/\../manager/html