Apache HTTP Server Tomcat Directory Traversal Vulnerability - exploit.company
Vendor: Tomcat
By:
CVSS: 7.5 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: Tomcat
Affected Version From: 5.0 series prior to 5.5.22 and 6.0 series prior to 6.0.10
Affected Version To:
Patch Exists: YES
Related CVE: CVE-2007-0450
CPE: a:apache:tomcat
Other Scripts:
Platforms Tested:

Apache HTTP Server Tomcat Directory Traversal Vulnerability

Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability caused by insufficient sanitization of user-supplied input. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot, potentially exposing sensitive information that could aid further attacks.

Mitigation:

Upgrade to Apache Tomcat version 5.5.22 or later for the 5.0 series, or version 6.0.10 or later for the 6.0 series.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22960/info

Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data.

Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks.

Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. 

http://www.example.com/foo/\../manager/html
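
A detection sketch for the request form shown above, added here as an example and not taken from the advisory or from the Apache or Tomcat projects. It assumes the front-end httpd treats a backslash as an ordinary character while the vulnerable Tomcat treats it as a path separator, and flags logged requests that the two layers would resolve to different top-level paths; the log lines, addresses and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Apache common log format (not real traffic).
# httpd writes a literal backslash in the request line as "\\".
SAMPLE_LOG = [
    r'192.0.2.10 - - [14/Mar/2007:10:12:01 +0000] "GET /foo/index.jsp HTTP/1.1" 200 512',
    r'192.0.2.23 - - [14/Mar/2007:10:12:07 +0000] "GET /foo/\\../manager/html HTTP/1.1" 401 954',
    r'192.0.2.10 - - [14/Mar/2007:10:12:09 +0000] "GET /foo/search.jsp?q=a%5Cb HTTP/1.1" 200 128',
    r'192.0.2.23 - - [14/Mar/2007:10:12:11 +0000] "GET /foo/../manager/html HTTP/1.1" 403 210',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def first_segment(path):
    """Resolve '.' and '..' with '/' as the only separator; return the top-level segment."""
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm.split("/")[1]


def views(target):
    """Return (front_end, backend) top-level segments for one request target."""
    path = unquote(urlsplit(target).path)          # query string dropped, decoded once
    front = first_segment(path)                    # '\' is an ordinary character
    back = first_segment(path.replace("\\", "/"))  # assumption: backend splits on '\'
    return front, back


def suspicious_requests(log_lines):
    """Return (target, front_end, backend) for requests the two layers resolve differently."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        front, back = views(match.group(1))
        if front != back:
            hits.append((match.group(1), front, back))
    return hits


if __name__ == "__main__":
    for target, front, back in suspicious_requests(SAMPLE_LOG):
        print(f"{target}: front end sees /{front}/, backend resolves /{back}/")
```

A plain `/foo/../manager/html` is not flagged, because both layers resolve it the same way and the front end's own access rules for /manager apply to it.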