vendor: Tomcat
by:
CVSS: 7.5 HIGH
Directory Traversal
CWE: 22
Product Name: Tomcat
Affected Version From: 5.0 series prior to 5.5.22 and 6.0 series prior to 6.0.10
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2007-0450
CPE: a:apache:tomcat
Other Scripts:
Platforms Tested:

Apache HTTP Server Tomcat Directory Traversal Vulnerability

Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability caused by insufficient sanitization of user-supplied input. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot, potentially exposing sensitive information that could aid further attacks.

Mitigation:

Upgrade to Apache Tomcat version 5.5.22 or later for the 5.0 series, or version 6.0.10 or later for the 6.0 series.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22960/info

Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data.

Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks.

Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. 

http://www.example.com/foo/\../manager/html
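
A log check for the request shape shown above, added here as an example and not part of the original advisory or of Tomcat: it flags access-log entries whose path contains a `..` segment delimited by a backslash. It goes slightly beyond the single URL on the page by also normalising the percent-encoded backslash (`%5C`); the log format, sample entries and function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Mar/2007:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/Mar/2007:10:01:09 +0000] "GET /foo/\\../manager/html HTTP/1.1" 200 9120',
    '198.51.100.7 - - [14/Mar/2007:10:01:11 +0000] "GET /foo/%5C../manager/html HTTP/1.1" 200 9120',
    '192.0.2.10 - - [14/Mar/2007:10:02:30 +0000] "GET /docs/a/../b.html?x=1 HTTP/1.1" 200 77',
]

def is_backslash_traversal(target):
    """True if the path has a '..' segment bounded by a backslash (raw or encoded)."""
    path = target.split("?", 1)[0]          # ignore the query string
    for _ in range(3):                      # bounded decode: %5C, %255C, ...
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Split on '/' only, the way a front end that does not treat '\' as a
    # delimiter sees the path; then look for '..' between backslashes.
    for segment in path.split("/"):
        if "\\" in segment and ".." in segment.split("\\"):
            return True
    return False

def scan(lines):
    """Return (line_number, request_target) for every suspicious entry."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_backslash_traversal(m.group("target")):
            hits.append((lineno, m.group("target")))
    return hits

if __name__ == "__main__":
    for lineno, target in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious path {target}")
```

Ordinary `/../` segments are deliberately not flagged, since the page's example depends on the backslash; a server that escapes backslashes in its logs (`\\..`) is still matched.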