Signature Detail
Short Name |
HTTP:TOMCAT:REAL-PATH-REQ |
|---|---|
Severity |
Info |
Recommended |
No |
Category |
HTTP |
Keywords |
Apache Tomcat |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Tomcat realPath.jsp Malformed Request
This signature detects attempts to exploit a known vulnerability in realPath.jsp, an example program that ships by default with Apache Tomcat, a free open source Java server. Upon receiving a request, realPath.jsp displays the DocumentRoot directory of the Web server software. Attackers can use this information to perform targeted Web-based attacks, such as directory traversals.
Extended Description
Apache Tomcat is a freely available, open source web server maintained by the Apache Foundation. Under some circumstances, Tomcat may yield sensitive information about the web server configuration. When the realPath.jsp page is accessed, it may leak information. Upon being accessed, the realPath.jsp page will display the web root directory of the Tomcat implementation.
Affected Products
- Apache Software Foundation Tomcat 3.2.3
- Apache Software Foundation Tomcat 3.2.4
References
- BugTraq: 4878
- URL: http://online.securityfocus.com/archive/1/274627