In association with heise online

26 October 2007, 11:23

Updates for Apache Tomcat


The latest versions of Apache Tomcat resolve a vulnerability that allows the contents of arbitrary files on a system to be disclosed. According to a description by the Apache Foundation, a flaw in the WebDAV servlet can be exploited when the servlet is configured for use with contexts and write access. A specially crafted WebDAV request containing an absolute path in the SYSTEM-ENTITY tag can cause files outside the web server's root directory to be returned to the client.

A public exploit has already become available. Versions 4.1.0 to 4.1.SVN, 5.0.0 to 5.0.SVN, 5.5.0 to 5.5.25, and 6.0.0 to 6.0.14 are affected. The vulnerability was resolved in Apache Tomcat 5.5.SVN and 6.0.SVN. There is no update for versions 4.1.x.
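
A defensive check for the request pattern described above, added here as an example (not code from Apache Tomcat or from the original article): it lists the external entity declarations in an XML request body without resolving them and flags system identifiers that are absolute paths. The function names and the sample bodies are assumptions constructed for illustration.

```python
from xml.parsers import expat


def external_entities(body: bytes):
    """Return (name, system_id) for each external entity declared in body."""
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # internal entities carry a value, no system id
            found.append((name, system_id))

    # No ExternalEntityRefHandler is installed, so expat only reports the
    # declaration and never opens the resource it points to.
    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(body, True)
    except expat.ExpatError:
        pass  # malformed body: keep the declarations seen before the error
    return found


def is_absolute_path(system_id: str) -> bool:
    """True for the case the advisory describes: an absolute local path."""
    s = system_id.lower()
    return s.startswith(("/", "\\", "file:")) or (len(s) > 2 and s[1] == ":" and s[2] in "/\\")


def review_body(body: bytes) -> str:
    """Classify a request body: 'clean', 'external-entity' or 'absolute-path'."""
    decls = external_entities(body)
    if any(is_absolute_path(sid) for _, sid in decls):
        return "absolute-path"
    return "external-entity" if decls else "clean"


# Constructed sample bodies (placeholder path, not taken from a real request).
SUSPECT = b"""<?xml version="1.0"?>
<!DOCTYPE request [<!ENTITY ref SYSTEM "/placeholder/outside/webroot.txt">]>
<request><owner>&ref;</owner></request>"""
BENIGN = b"""<?xml version="1.0"?>
<request><owner>alice</owner></request>"""
INTERNAL = b"""<?xml version="1.0"?>
<!DOCTYPE request [<!ENTITY who "alice">]>
<request><owner>&who;</owner></request>"""

if __name__ == "__main__":
    for label, body in (("suspect", SUSPECT), ("benign", BENIGN), ("internal", INTERNAL)):
        print(label, review_body(body), external_entities(body))
```

Legitimate WebDAV clients have no need to declare external entities, so any result other than `clean` on a WebDAV request body is worth logging or rejecting in front of an unpatched server.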
