vendor:
Apache Tomcat
by:
h3rcul3s
5.5
CVSS
MEDIUM
Remote File Disclosure
CWE
Product Name: Apache Tomcat
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Apache Tomcat Remote File Disclosure Zeroday Xploit – With support for SSL
This exploit allows an attacker to disclose files remotely on an Apache Tomcat server. It supports SSL connections and requires valid login credentials and webdav access. The exploit is written in Perl.
Mitigation:
To mitigate this vulnerability, ensure that proper access controls are in place for webdav and limit access to sensitive files.