Apache Tomcat RequestDispatcher Directory Traversal Arbitrary File Access

medium Nessus Plugin ID 39447

Synopsis

The remote web server is affected by a directory traversal vulnerability.

Description

According to its self-reported version number, the remote host is running a vulnerable version of Apache Tomcat. Due to a bug in a RequestDispatcher API, target paths are normalized before the query string is removed, which could result in directory traversal attacks.
This allows a remote attacker to view files outside of the web application's root.

Solution

Upgrade to versions 6.0.20 / 5.5.28 / 4.1.40 or later. Alternatively, apply the patches referenced in the vendor advisory.

See Also

http://www.nessus.org/u?b5bdbccf

https://marc.info/?l=tomcat-user&m=124449799021571&w=2

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-4.html

Plugin Details

Severity: Medium

ID: 39447

File Name: tomcat_requestdispatcher_dir_traversal.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 6/18/2009

Updated: 5/6/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2008-5515

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:tomcat:4, cpe:/a:apache:tomcat:5, cpe:/a:apache:tomcat:6

Required KB Items: installed_sw/Apache Tomcat

Exploit Ease: No exploit is required

Patch Publication Date: 6/8/2009

Vulnerability Publication Date: 6/8/2009

Reference Information

CVE: CVE-2008-5515

BID: 35263

CWE: 22

Secunia: 35326