Signature Detail


Short Name: HTTP:TOMCAT:DIR-TRAV
Severity: Medium
Recommended: No
Category: HTTP
Keywords: Apache Tomcat Server Directory Traversal
Release Date: 2009/07/21
Update Number: 1465
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apache Tomcat Server Directory Traversal

This signature detects attempts to exploit a known directory-traversal vulnerability in Apache Tomcat. A successful attack lets the attacker read files in areas of the server that were never meant to be reachable from outside.

Extended Description

Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because the container fails to sufficiently sanitize user-supplied input. Exploiting this issue lets an attacker read arbitrary files in the Tomcat webroot, which can expose sensitive information that helps the attacker launch further attacks. Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable.
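As an added illustration of the detection side (example code written for this page, not Juniper's signature logic and not Tomcat code), the following Python scans access-log lines for the kind of traversal sequence the description refers to. The log lines, IP addresses and file names are constructed samples; the repeated percent-decoding and the backslash handling are assumptions about how a front end or container might normalize a path before serving it, not a statement of what the vulnerable versions did.

```python
import re
from urllib.parse import unquote

# Common Log Format: client ident user [timestamp] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample access-log lines (illustrative only, not from the page or
# from any real server): a benign request, then traversal attempts in plain,
# percent-encoded, double-encoded and backslash form, and a benign path whose
# directory name merely contains "..".
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Jul/2009:10:00:01 +0000] "GET /app/index.jsp HTTP/1.1" 200 512',
    '10.0.0.6 - - [21/Jul/2009:10:00:02 +0000] "GET /app/../private/config.txt HTTP/1.1" 404 0',
    '10.0.0.7 - - [21/Jul/2009:10:00:03 +0000] "GET /app/%2e%2e/%2e%2e/private/config.txt HTTP/1.1" 200 2048',
    '10.0.0.8 - - [21/Jul/2009:10:00:04 +0000] "GET /app/%252e%252e/private/config.txt HTTP/1.1" 200 1024',
    '10.0.0.9 - - [21/Jul/2009:10:00:05 +0000] "GET /app/..\\private\\config.txt HTTP/1.1" 200 77',
    '10.0.0.10 - - [21/Jul/2009:10:00:06 +0000] "GET /app/data..old/report.txt HTTP/1.1" 200 64',
]


def canonicalize(path: str, max_rounds: int = 3) -> str:
    """Reduce a request path to the form a file-serving layer would act on.

    Percent-decoding is repeated because a double-encoded '%252e' only becomes
    '.' after two passes; the loop stops once a pass changes nothing (an
    assumption about the normalization chain, bounded so a pathological input
    cannot loop forever). Backslashes are unified to '/' so that '..\\' is seen
    as a parent-directory step as well.
    """
    decoded = path
    for _ in range(max_rounds):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    return decoded.replace("\\", "/")


def traversal_reason(path: str):
    """Return a short reason if the path looks like a traversal attempt, else None.

    Walks the canonical segments tracking depth below the web root. A '..' that
    takes the depth negative is the more serious finding; any other '..' segment
    is still reported, because the description above says files inside the
    webroot are the target, so a traversal need not leave the root to matter.
    """
    segments = canonicalize(path).split("/")
    depth = 0
    for segment in segments:
        if segment == "..":
            depth -= 1
            if depth < 0:
                return "resolves above web root"
        elif segment not in ("", "."):
            depth += 1
    if ".." in segments:
        return "parent-directory segment"
    return None


def scan_log(lines):
    """Parse CLF lines and return one finding per request flagged by traversal_reason."""
    findings = []
    for line in lines:
        match = CLF.match(line)
        if not match:
            continue  # malformed line: skip rather than guess at its fields
        reason = traversal_reason(match.group("path"))
        if reason:
            findings.append({
                "ip": match.group("ip"),
                "path": match.group("path"),
                "status": int(match.group("status")),
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f'{finding["ip"]} {finding["status"]} {finding["reason"]}: {finding["path"]}')
```

The status code is carried along because a flagged request that the server answered with 200 deserves more attention than one it rejected: it suggests the front end or container actually served something for the decoded path. A plain substring match on the raw log line would miss the encoded and double-encoded forms, which is why the check runs on the canonical path instead.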

Affected Products

  • Apache Software Foundation Tomcat 5.0
  • Apache Software Foundation Tomcat 5.1.0
  • Apache Software Foundation Tomcat 5.2.0
  • Apache Software Foundation Tomcat 5.3.0
  • Apache Software Foundation Tomcat 5.4.0
  • Apache Software Foundation Tomcat 5.5.0
  • Apache Software Foundation Tomcat 5.5.1
  • Apache Software Foundation Tomcat 5.5.10
  • Apache Software Foundation Tomcat 5.5.11
  • Apache Software Foundation Tomcat 5.5.12
  • Apache Software Foundation Tomcat 5.5.13
  • Apache Software Foundation Tomcat 5.5.14
  • Apache Software Foundation Tomcat 5.5.15
  • Apache Software Foundation Tomcat 5.5.16
  • Apache Software Foundation Tomcat 5.5.17
  • Apache Software Foundation Tomcat 5.5.18
  • Apache Software Foundation Tomcat 5.5.19
  • Apache Software Foundation Tomcat 5.5.2
  • Apache Software Foundation Tomcat 5.5.20
  • Apache Software Foundation Tomcat 5.5.21
  • Apache Software Foundation Tomcat 5.5.22
  • Apache Software Foundation Tomcat 5.5.3
  • Apache Software Foundation Tomcat 5.5.4
  • Apache Software Foundation Tomcat 5.5.5
  • Apache Software Foundation Tomcat 5.5.6
  • Apache Software Foundation Tomcat 5.5.7
  • Apache Software Foundation Tomcat 5.5.8
  • Apache Software Foundation Tomcat 5.5.9
  • Apache Software Foundation Tomcat 6.0.1
  • Apache Software Foundation Tomcat 6.0.2
  • Apache Software Foundation Tomcat 6.0.3
  • Apache Software Foundation Tomcat 6.0.4
  • Apache Software Foundation Tomcat 6.0.5
  • Apache Software Foundation Tomcat 6.0.6
  • Apache Software Foundation Tomcat 6.0.7
  • Apache Software Foundation Tomcat 6.0.8
  • Apache Software Foundation Tomcat 6.0.9
  • Apple Mac OS X 10.3.9
  • Apple Mac OS X 10.4.10
  • Apple Mac OS X Server 10.3.9
  • Apple Mac OS X Server 10.4.10
  • Avaya Aura Application Enablement Services 3.1
  • Avaya Aura Application Enablement Services 4.0
  • Computer Associates Cohesion Application Configuration Manager 4.5
  • Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0
  • Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0
  • Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1
  • Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.0
  • Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2
  • Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.3
  • Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.0
  • Fujitsu Interstage Application Server Plus 7.0
  • Fujitsu INTERSTAGE Application Server Plus Developer 6.0
  • Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.0
  • Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2
  • Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.3
  • Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.0
  • Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0
  • Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A
  • Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0
  • Fujitsu INTERSTAGE Business Application Server Enterprise 8.0.0
  • Fujitsu INTERSTAGE Job Workload Server 8.1.0
  • Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1
  • Fujitsu INTERSTAGE Studio Enterprise Edition 9.0.0
  • Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1
  • Fujitsu INTERSTAGE Studio Standard-J Edition 9.0.0
  • Gentoo Linux
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • HP HP-UX B.11.31
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 X86 64
  • Red Hat Certificate Server 7.3
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Clustering 5 Server
  • Red Hat Enterprise Linux Cluster-Storage 5 Server
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Multi OS 5 Client
  • Red Hat Enterprise Linux Desktop Supplementary 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux Hardware Certification 5
  • Red Hat Enterprise Linux Optional Productivity Application 5 Server
  • Red Hat Enterprise Linux Supplementary 5 Server
  • Red Hat Enterprise Linux Virtualization 5 Server
  • Red Hat Network Satellite (for RHEL 3) 4.2
  • Red Hat Network Satellite (for RHEL 4) 4.2
  • Red Hat Red Hat Network Satellite Server 4.0
  • Red Hat Red Hat Network Satellite Server 4.1
  • Red Hat Red Hat Network Satellite Server 4.2
  • Red Hat Red Hat Network Satellite Server 5.0.0
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • Sun Solaris 9 Sparc
  • Sun Solaris 9 X86
  • SuSE Linux 10.0 Ppc
  • SuSE Linux 10.0 X86
  • SuSE Linux 10.0 X86-64
  • SuSE Linux 10.1 Ppc
  • SuSE Linux 10.1 X86
  • SuSE Linux 10.1 X86-64
  • SuSE Linux Personal 10.0.0 OSS
  • SuSE Linux Personal 10.1
  • SuSE Linux Personal 10.2
  • SuSE Linux Personal 10.2 X86 64
  • SuSE Linux Personal 9.3.0
  • SuSE Linux Personal 9.3.0 X86 64
  • SuSE Linux Professional 10.0.0
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 10.1
  • SuSE Linux Professional 10.2
  • SuSE Linux Professional 10.2 X86 64
  • SuSE Linux Professional 9.3.0
  • SuSE Linux Professional 9.3.0 X86 64
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE Novell Linux POS 9
  • SuSE Open-Enterprise-Server 9.0.0
  • SuSE Open-Enterprise-Server
  • SuSE openSUSE 10.2
  • SuSE SUSE Linux Enterprise Desktop 10
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise SDK 10
  • SuSE SUSE Linux Enterprise SDK 10.SP1
  • SuSE SUSE Linux Enterprise Server 10
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • SuSE SUSE Linux Enterprise Server 9 SP3
  • SuSE SUSE Linux Enterprise Server SDK 9
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE SUSE LINUX Retail Solution 8.0.0
  • SuSE SuSE Linux School Server for i386
  • SuSE SuSE Linux Standard Server 8.0.0
  • SuSE UnitedLinux 1.0.0
  • VMWare ESX Server 3.0.1
  • VMWare ESX Server 3.0.2
  • VMWare VirtualCenter Management Server 2

References

  • BugTraq: 22960
  • CVE: CVE-2007-0450
  • URL: http://secunia.com/advisories/cve_reference/cve-2007-0450/

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.