漏洞类别:Web server漏洞等级: 
漏洞信息
Apache's Tomcat, a Servlet and JSP engine, is a subproject of the Jakarta Project. In a Windows NT environment, Apache Tomcat could be led to traverse the normal directory structure and return requested files from outside of the document root.
漏洞危害
By including '/../' sequences in requested URLs, a remote user can obtain read access to directories and files outside of the document root, potentially compromising the privacy of user data and/or obtaining sensitive information, which could be used to further compromise the host.
解决方案
It has been reported that Tomcat Version 3.2.2b2 (and later) is not vulnerable to this issue. You can download the latest version from the following link:
http://jakarta.apache.org/builds/jakarta-tomcat/release/
0day
文章评论