[14379] in bugtraq
Security bug in Apache project: Jakarta Tomcat
daemon@ATHENA.MIT.EDU (Jan Madsen)
Wed Mar 22 02:34:41 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-Id: <008301bf9392$b922d800$0100a8c0@cybersoft.dk>
Date: Wed, 22 Mar 2000 01:08:15 +0100
Reply-To: Jan Madsen <Jan.Madsen@SECURITYWORKERS.DK>
From: Jan Madsen <Jan.Madsen@SECURITYWORKERS.DK>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
The Apache project: Jakarta Tomcat contains a serius security bug.
Tomcat is used together with the Apache web server to serve Java Server
Pages and Java servlets.
Summary from the Tomcat development team advisory is posted below:
Advisory:
Delivered with Tomcat is an example (jsp/source.jsp) that can be used to
deliver the contents of any file on your machine.
Recommended action:
The simplest course of action is to simply remove this example from your
machine. Alternatively, you can replace the associated ShowSource.class file
with one from the current 3.1 beta.
Fixes:
Fixes have been made to the core of Tomcat to not allow any file references
to be resolved outside of the context being used for the resolution.
Additionally, a change has been made to ShowSource.java to disallow any
requests which contain the string "..".
The 3.1 beta 1 release has been refreshed with these fixes applied.
.........................................................................
...........................................................................
Med venlig hilsen/Best regards/Freundliche Gr|_e
Jan Madsen
S e c u r i t y w o r k e r s
Denmark
Tlf: (+45) 70 26 88 62
Fax: (+45) 70 26 88 63
http://www.securityworkers.com/
mailto:Jan.Madsen@securityworkers.dk
...........................................................................
.........................................................................
