Juniper Networks

Signature Detail

Short Name

HTTP:TOMCAT:XPL-FILE-DISC

Severity

Medium

Recommended

No

Category

HTTP

Keywords

Tomcat XPL File Disclosure

Release Date

2008/03/19

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Tomcat XPL File Disclosure


This signature detects attempts to exploit a known vulnerability in Apache Tomcat. A successful attack can lead to arbitrary file disclosure.

Extended Description

Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server.

Affected Products

  • Apache Software Foundation Geronimo 1.0.0
  • Apache Software Foundation Geronimo 1.0.1
  • Apache Software Foundation Geronimo 1.1.0
  • Apache Software Foundation Geronimo 2.0.1
  • Apache Software Foundation Geronimo 2.0.2
  • Apache Software Foundation Jakarta Slide 2.1
  • Apache Software Foundation Tomcat 4.0.0
  • Apache Software Foundation Tomcat 4.0.0 RC2
  • Apache Software Foundation Tomcat 4.0.1
  • Apache Software Foundation Tomcat 4.0.2
  • Apache Software Foundation Tomcat 4.0.3
  • Apache Software Foundation Tomcat 4.0.4
  • Apache Software Foundation Tomcat 4.0.5
  • Apache Software Foundation Tomcat 4.0.6
  • Apache Software Foundation Tomcat 4.0.7
  • Apache Software Foundation Tomcat 4.1.0
  • Apache Software Foundation Tomcat 4.1.10
  • Apache Software Foundation Tomcat 4.1.12
  • Apache Software Foundation Tomcat 4.1.24
  • Apache Software Foundation Tomcat 4.1.31
  • Apache Software Foundation Tomcat 4.1.32
  • Apache Software Foundation Tomcat 4.1.34
  • Apache Software Foundation Tomcat 4.1.36
  • Apache Software Foundation Tomcat 4.1.37
  • Apache Software Foundation Tomcat 4.1.3 Beta
  • Apache Software Foundation Tomcat 4.1.9 Beta
  • Apache Software Foundation Tomcat 5.0
  • Apache Software Foundation Tomcat 5.0.0
  • Apache Software Foundation Tomcat 5.0.1
  • Apache Software Foundation Tomcat 5.0.10
  • Apache Software Foundation Tomcat 5.0.11
  • Apache Software Foundation Tomcat 5.0.12
  • Apache Software Foundation Tomcat 5.0.13
  • Apache Software Foundation Tomcat 5.0.14
  • Apache Software Foundation Tomcat 5.0.15
  • Apache Software Foundation Tomcat 5.0.16
  • Apache Software Foundation Tomcat 5.0.19
  • Apache Software Foundation Tomcat 5.0.2
  • Apache Software Foundation Tomcat 5.0.28
  • Apache Software Foundation Tomcat 5.0.3
  • Apache Software Foundation Tomcat 5.0.30
  • Apache Software Foundation Tomcat 5.0.31
  • Apache Software Foundation Tomcat 5.0.4
  • Apache Software Foundation Tomcat 5.0.5
  • Apache Software Foundation Tomcat 5.0.6
  • Apache Software Foundation Tomcat 5.0.7
  • Apache Software Foundation Tomcat 5.0.8
  • Apache Software Foundation Tomcat 5.0.9
  • Apache Software Foundation Tomcat 5.1.0
  • Apache Software Foundation Tomcat 5.2.0
  • Apache Software Foundation Tomcat 5.3.0
  • Apache Software Foundation Tomcat 5.4.0
  • Apache Software Foundation Tomcat 5.5.0
  • Apache Software Foundation Tomcat 5.5.1
  • Apache Software Foundation Tomcat 5.5.10
  • Apache Software Foundation Tomcat 5.5.11
  • Apache Software Foundation Tomcat 5.5.12
  • Apache Software Foundation Tomcat 5.5.13
  • Apache Software Foundation Tomcat 5.5.14
  • Apache Software Foundation Tomcat 5.5.15
  • Apache Software Foundation Tomcat 5.5.16
  • Apache Software Foundation Tomcat 5.5.17
  • Apache Software Foundation Tomcat 5.5.18
  • Apache Software Foundation Tomcat 5.5.19
  • Apache Software Foundation Tomcat 5.5.2
  • Apache Software Foundation Tomcat 5.5.20
  • Apache Software Foundation Tomcat 5.5.21
  • Apache Software Foundation Tomcat 5.5.22
  • Apache Software Foundation Tomcat 5.5.23
  • Apache Software Foundation Tomcat 5.5.24
  • Apache Software Foundation Tomcat 5.5.3
  • Apache Software Foundation Tomcat 5.5.4
  • Apache Software Foundation Tomcat 5.5.5
  • Apache Software Foundation Tomcat 5.5.6
  • Apache Software Foundation Tomcat 5.5.7
  • Apache Software Foundation Tomcat 5.5.8
  • Apache Software Foundation Tomcat 5.5.9
  • Apache Software Foundation Tomcat 6.0.0
  • Apache Software Foundation Tomcat 6.0.1
  • Apache Software Foundation Tomcat 6.0.10
  • Apache Software Foundation Tomcat 6.0.11
  • Apache Software Foundation Tomcat 6.0.12
  • Apache Software Foundation Tomcat 6.0.13
  • Apache Software Foundation Tomcat 6.0.14
  • Apache Software Foundation Tomcat 6.0.2
  • Apache Software Foundation Tomcat 6.0.3
  • Apache Software Foundation Tomcat 6.0.4
  • Apache Software Foundation Tomcat 6.0.5
  • Apache Software Foundation Tomcat 6.0.6
  • Apache Software Foundation Tomcat 6.0.7
  • Apache Software Foundation Tomcat 6.0.8
  • Apache Software Foundation Tomcat 6.0.9
  • Apple Mac OS X 10.4.0
  • Apple Mac OS X 10.4.1
  • Apple Mac OS X 10.4.10
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X 10.4.2
  • Apple Mac OS X 10.4.3
  • Apple Mac OS X 10.4.4
  • Apple Mac OS X 10.4.5
  • Apple Mac OS X 10.4.6
  • Apple Mac OS X 10.4.7
  • Apple Mac OS X 10.4.8
  • Apple Mac OS X 10.4.9
  • Apple Mac OS X Server 10.4.0
  • Apple Mac OS X Server 10.4.1
  • Apple Mac OS X Server 10.4.10
  • Apple Mac OS X Server 10.4.11
  • Apple Mac OS X Server 10.4.2
  • Apple Mac OS X Server 10.4.3
  • Apple Mac OS X Server 10.4.4
  • Apple Mac OS X Server 10.4.5
  • Apple Mac OS X Server 10.4.6
  • Apple Mac OS X Server 10.4.7
  • Apple Mac OS X Server 10.4.8
  • Apple Mac OS X Server 10.4.9
  • Apple Mac OS X Server 10.5.5
  • Avaya Aura Application Enablement Services 3.0
  • Avaya Aura Application Enablement Services 3.1
  • Avaya Aura Application Enablement Services 3.1.3
  • Avaya Aura Application Enablement Services 3.1.4
  • Avaya Aura Application Enablement Services 3.1.5
  • Avaya Aura Application Enablement Services 3.1.6
  • Avaya Aura Application Enablement Services 4.0
  • Avaya Aura Application Enablement Services 4.0.1
  • Avaya Aura Application Enablement Services 4.1
  • Avaya Aura Application Enablement Services 4.2
  • Avaya Aura Application Enablement Services 4.2.1
  • Avaya Meeting Exchange 5.0
  • Avaya Meeting Exchange 5.0.0.0.52
  • Avaya Meeting Exchange - Enterprise Edition
  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Gentoo www-servers/tomcat 6.0.0
  • Gentoo www-servers/tomcat 6.0.1
  • Gentoo www-servers/tomcat 6.0.10
  • Gentoo www-servers/tomcat 6.0.11
  • Gentoo www-servers/tomcat 6.0.12
  • Gentoo www-servers/tomcat 6.0.13
  • Gentoo www-servers/tomcat 6.0.14
  • Gentoo www-servers/tomcat 6.0.15
  • Gentoo www-servers/tomcat 6.0.2
  • Gentoo www-servers/tomcat 6.0.3
  • Gentoo www-servers/tomcat 6.0.4
  • Gentoo www-servers/tomcat 6.0.5
  • Gentoo www-servers/tomcat 6.0.6
  • Gentoo www-servers/tomcat 6.0.7
  • Gentoo www-servers/tomcat 6.0.8
  • Gentoo www-servers/tomcat 6.0.9
  • IBM WebSphere Application Server Community Edition 1.0
  • IBM WebSphere Application Server Community Edition 1.0.0 1
  • IBM WebSphere Application Server Community Edition 1.0.1
  • IBM WebSphere Application Server Community Edition 1.0.1 1
  • IBM WebSphere Application Server Community Edition 1.0.1 2
  • IBM WebSphere Application Server Community Edition 1.1
  • IBM WebSphere Application Server Community Edition 1.1.0 1
  • IBM WebSphere Application Server Community Edition 1.1.0 2
  • IBM WebSphere Application Server Community Edition 2.0.0
  • IBM WebSphere Application Server Community Edition 2.0.0 1
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 X86 64
  • Pardus Linux 2008
  • Red Hat Application Server AS4 2
  • Red Hat Application Server ES4 2
  • Red Hat Application Server WS4 2
  • Red Hat Certificate Server 7.3
  • Red Hat Developer Suite EL4 3
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Fedora 7
  • Red Hat Network Satellite (for RHEL 3) 4.2
  • Red Hat Network Satellite (for RHEL 4) 4.2
  • Red Hat Red Hat Network Satellite (for RHEL 4) 5.1
  • Red Hat Red Hat Network Satellite Server 5.0.0
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • Sun Solaris 9 Sparc
  • Sun Solaris 9 X86
  • SuSE Linux 10.0 Ppc
  • SuSE Linux 10.0 X86
  • SuSE Linux 10.0 X86-64
  • SuSE Linux 10.1 Ppc
  • SuSE Linux 10.1 X86
  • SuSE Linux 10.1 X86-64
  • SuSE Linux Desktop 10
  • SuSE Linux Desktop 1.0.0
  • SuSE Linux Openexchange Server
  • SuSE Linux Personal 10.0.0 OSS
  • SuSE Linux Personal 10.1
  • SuSE Linux Personal 10.2
  • SuSE Linux Personal 10.2 X86 64
  • SuSE Linux Professional 10.0.0
  • SuSE Linux Professional 10.0.0 OSS
  • SuSE Linux Professional 10.1
  • SuSE Linux Professional 10.2
  • SuSE Linux Professional 10.2 X86 64
  • SuSE Novell Linux Desktop 1.0.0
  • SuSE Novell Linux Desktop 9.0.0
  • SuSE Novell Linux Desktop SDK 9.0.0
  • SuSE Novell Linux POS 9
  • SuSE Office Server
  • SuSE Open-Enterprise-Server 1
  • SuSE Open-Enterprise-Server 9.0.0
  • SuSE Open-Enterprise-Server
  • SuSE openSUSE 10.1
  • SuSE openSUSE 10.2
  • SuSE openSUSE 10.3
  • SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO
  • SuSE SUSE Linux Enterprise Desktop 10
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise SDK 10
  • SuSE SUSE Linux Enterprise SDK 10 SP1
  • SuSE SUSE Linux Enterprise SDK 10.SP1
  • SuSE SUSE Linux Enterprise Server 10
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP2
  • SuSE SUSE Linux Enterprise Server 8
  • SuSE SUSE Linux Enterprise Server 9
  • SuSE SUSE Linux Enterprise Server 9 SP3
  • SuSE SuSE Linux Openexchange Server 4.0.0
  • SuSE SuSE Linux Open-Xchange 4.1.0
  • SuSE SUSE LINUX Retail Solution 8.0.0
  • SuSE SuSE Linux School Server for i386
  • SuSE SuSE Linux Standard Server 8.0.0
  • SuSE UnitedLinux 1.0.0
  • VMWare ESX Server 3.0.0
  • VMWare ESX Server 3.0.1
  • VMWare ESX Server 3.0.2
  • VMWare ESX Server 3.0.3
  • VMWare ESX Server 3.5
  • VMWare ESX Server 4.0
  • VMWare Server 2.0
  • VMWare Server 2.0.1
  • VMWare Server 2.0.2
  • VMWare vCenter 4.0
  • VMWare VirtualCenter 2.0.2
  • VMWare VirtualCenter 2.0.2 Update 1
  • VMWare VirtualCenter 2.0.2 Update 2
  • VMWare VirtualCenter 2.0.2 Update 3
  • VMWare VirtualCenter 2.0.2 Update 4
  • VMWare VirtualCenter 2.0.2 Update 5
  • VMWare VirtualCenter 2.5
  • VMWare VirtualCenter 2.5 Update 1
  • VMWare VirtualCenter 2.5 Update 2
  • VMWare VirtualCenter 2.5 Update 5
  • VMWare VirtualCenter Management Server 2
  • WiKID Systems WiKID Server 3.0.4

References

  • BugTraq: 26070
  • CVE: CVE-2007-5461
  • URL: http://www.milw0rm.com/exploits/4530

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.