Detections
Analytics
Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access
medium Nessus Plugin ID 33866
Language:
Synopsis
The remote web server is affected by a directory traversal vulnerability.Description
The version of Apache Tomcat running on the remote host is affected by a directory traversal vulnerability due to an issue with the UTF-8 charset implementation within the underlying JVM. An unauthenticated, remote attacker can exploit this, by encoding directory traversal sequences as UTF-8 in a request, to view arbitrary files on the remote host.Note that successful exploitation requires that a context be configured with 'allowLinking' set to 'true' and the connector with 'URIEncoding' set to 'UTF-8', neither of which is a default setting.
Solution
Upgrade to Tomcat 6.0.18 / 5.5.27 / 4.1.SVN or later.See Also
https://www.securityfocus.com/archive/1/495318/30/0/threaded
https://www.securityfocus.com/archive/1/496168/30/0/threaded
https://www.securityfocus.com/archive/1/499356/30/0/threaded
http://tomcat.apache.org/security-6.html
Plugin Details
Severity: Medium
ID: 33866
File Name: tomcat_utf8_dir_traversal.nasl
Version: 1.28
Type: remote
Family: CGI abuses
Published: 8/12/2008
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.9
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apache:tomcat
Required KB Items: installed_sw/Apache Tomcat
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Exploited by Nessus: true
Patch Publication Date: 8/11/2008
Exploitable With
CANVAS (D2ExploitPack)
Elliot (Apache Tomcat File Disclosure)
Reference Information
CVE: CVE-2008-2938
BID: 30633
CWE: 22