Attack: HTTP Apache Tomcat UTF-8 Dir Traversal CVE-2008-2938

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects attempts to exploit a directory traversal vulnerability by sending UTF-8 encoded characters in a URL to Apache Tomcat.

Additional Information

Apache Tomcat is a Java-based webserver application for multiple operating systems.

The application is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks. Note that successful exploitation requires the 'allowLinking' field to be enabled and the 'URIEncoding' field to be set to 'UTF-8' in the 'server.xml' or 'context.xml' files.
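A configuration check for the two preconditions named above, as an added example that is not part of the original advisory: it parses the text of a `server.xml` or `context.xml` and reports connectors that decode URIs as UTF-8 together with contexts that have linking enabled. The sample XML is constructed, and the element placement of the attributes (`Connector` for `URIEncoding`, `Context` or `Resources` for `allowLinking`) is an assumption based on standard Tomcat configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from the advisory).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" URIEncoding="UTF-8"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/docs" docBase="docs" allowLinking="true"/>
        <Context path="/app" docBase="app"/>
      </Host>
    </Engine>
  </Service>
</Server>"""


def _norm(value):
    """Lower-case and trim an attribute value; a missing attribute becomes ''."""
    return (value or "").strip().lower()


def audit_tomcat_config(xml_text):
    """Report which of the advisory's two preconditions a config file meets.

    Assumption: URIEncoding sits on <Connector>, allowLinking on <Context>
    or <Resources>. root.iter() includes the root element, so a context.xml
    whose root is <Context> is covered as well.
    """
    root = ET.fromstring(xml_text)
    utf8_connectors, linking_contexts = [], []
    for el in root.iter():
        if el.tag == "Connector":
            # Accept both "UTF-8" and "utf8" spellings of the charset name.
            if _norm(el.get("URIEncoding")).replace("-", "") == "utf8":
                utf8_connectors.append(el.get("port", "(no port)"))
        elif el.tag in ("Context", "Resources"):
            if _norm(el.get("allowLinking")) == "true":
                linking_contexts.append(el.get("path", "(unnamed)"))
    return {
        "utf8_connectors": utf8_connectors,
        "linking_contexts": linking_contexts,
        # Both settings are required according to the advisory text.
        "preconditions_met": bool(utf8_connectors and linking_contexts),
    }


if __name__ == "__main__":
    print(audit_tomcat_config(SAMPLE_SERVER_XML))
```

A result with `preconditions_met` set to true on one of the affected versions listed below marks a host to patch first; either setting alone does not satisfy the stated requirement.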

Affected

  • Tomcat 4.1.0 to 4.1.37
  • Tomcat 5.5.0 to 5.5.26
  • Tomcat 6.0.0 to 6.0.17

Response

Download and install all vendor patches related to this vulnerability.