Posted to users@tomcat.apache.org by Wen Liu <we...@ericsson.com> on 2013/04/18 15:14:50 UTC
Tomcat security vulnerability/ or security config issue
Howdy,
I have an issue with Tomcat security, please find the spec below:
Server version: Apache Tomcat/6.0.35
Server built: Nov 28 2011 11:20:06
Server number: 6.0.35.0
OS Name: SunOS
OS Version: 5.10
Architecture: x86
JVM Version: 1.6.0_33-b03
JVM Vendor: Sun Microsystems Inc.
For the problematic server, all files on the server are exposed to all users through http://<masterservice_IP>:8080/consistencycheck/servlet/TransformXML?xmlUrl=../../../../../<location_of_the_file>
i.e. open Chrome, give http://10.45.224.55:8080/consistencycheck/servlet/TransformXML?xmlUrl=../../../../../var/adm/messages and press enter to see the server system log..
It happens with any browsers..
I was wondering if it is a security vulnerability of Tomcat 6.0.35, or it is a service config issue.. Can someone please have a look?..
Please let me know if any further info required..
Thanks & Regards,
Wen
RE: Tomcat security vulnerability/ or security config issue
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: David kerber [mailto:dckerber@verizon.net]
> Subject: Re: Tomcat security vulnerability/ or security config issue
> If things are configured properly, web users won't be able to see
> anything outside your app hierarchy, so something clearly isn't set up
> properly.
This has little to do with configuration - it's the particular webapp (consistencycheck) that is blindly trusting whatever is fed to it from the outside world, and using that as a path into the local file system. A SecurityManager _may_ be able to stop it, but if the site has deployed such a dangerous webapp, it's likely they would grant excessive privileges to it as well.
- Chuck
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
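The failure Chuck describes above (and that Mark's reply calls an application vulnerability) is the servlet taking the `xmlUrl` parameter and using it as a file path with no check that the result stays inside the directory it was meant to serve. The following is an added example, not the `consistencycheck` webapp's own code (which is not on the page): a Servlet 2.5 / Java 6 style servlet, matching the Tomcat 6 and JVM 1.6 versions quoted in the report, that shows the trusting resolution beside a hardened one. The base directory `/opt/consistencycheck/xml`, the class name `TransformXmlServlet` and the helper names are assumptions for illustration.

```java
// Added example (hypothetical servlet, not the consistencycheck webapp's code):
// resolve an "xmlUrl" request parameter against one base directory, first with no
// containment check, then with a canonical-path check that rejects traversal.
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletRequest;

public class TransformXmlServlet extends HttpServlet {

    // Assumed: the only directory this servlet should ever read XML from.
    private static final File BASE_DIR = new File("/opt/consistencycheck/xml");

    // Trusting form, as described in the thread: whatever arrives in xmlUrl becomes a
    // path, so "../../../../../var/adm/messages" walks out of BASE_DIR unchecked.
    static File resolveUnchecked(String xmlUrl) {
        return new File(BASE_DIR, xmlUrl);
    }

    // Hardened form: canonicalise (which collapses ".." and follows symlinks) and then
    // require that the result still lies under BASE_DIR. Returns null on any escape
    // attempt, on empty input, and on a path that names BASE_DIR itself.
    static File resolveContained(String xmlUrl) throws IOException {
        if (xmlUrl == null || xmlUrl.length() == 0) {
            return null;
        }
        String base = BASE_DIR.getCanonicalPath() + File.separator;
        File candidate = new File(BASE_DIR, xmlUrl);
        String canonical = candidate.getCanonicalPath();
        if (!canonical.startsWith(base)) {
            return null;                     // traversal attempt, e.g. ../../../../../var/adm/messages
        }
        return new File(canonical);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        File target = resolveContained(req.getParameter("xmlUrl"));
        if (target == null || !target.isFile()) {
            // Log server-side for detection; do not echo the attempted path to the client.
            log("Rejected xmlUrl parameter from " + req.getRemoteAddr());
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        resp.setContentType("text/xml");
        InputStream in = new FileInputStream(target);
        try {
            OutputStream out = resp.getOutputStream();
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) > 0) {
                out.write(buf, 0, n);
            }
        } finally {
            in.close();
        }
    }
}
```

The trailing `File.separator` on `base` matters: without it, a sibling directory such as `/opt/consistencycheck/xml2` would pass the `startsWith` test. The check is done on canonical paths rather than on the raw string so that encoded or symlinked detours resolve before the comparison. Chuck's SecurityManager remark is the second, independent layer: with Tomcat started under `catalina.sh start -security`, the webapp can only read files covered by `FilePermission` grants in `conf/catalina.policy`, so even the unchecked form could not open `/var/adm/messages` unless the site had granted that.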
Re: Tomcat security vulnerability/ or security config issue
Posted by David kerber <dc...@verizon.net>.
If things are configured properly, web users won't be able to see
anything outside your app hierarchy, so something clearly isn't set up
properly.
On 4/18/2013 9:14 AM, Wen Liu wrote:
>
>
> Howdy,
>
> I have an issue with Tomcat security, please find the spec below:
>
> Server version: Apache Tomcat/6.0.35
> Server built: Nov 28 2011 11:20:06
> Server number: 6.0.35.0
> OS Name: SunOS
> OS Version: 5.10
> Architecture: x86
> JVM Version: 1.6.0_33-b03
> JVM Vendor: Sun Microsystems Inc.
>
>
> For the problematic server, all files on the server are exposed to all users through http://<masterservice_IP>:8080/consistencycheck/servlet/TransformXML?xmlUrl=../../../../../<location_of_the_file>
>
> i.e. open Chrome, give http://10.45.224.55:8080/consistencycheck/servlet/TransformXML?xmlUrl=../../../../../var/adm/messages and press enter to see the server system log..
>
> It happens with any browsers..
>
> I was wondering if it is a security vulnerability of Tomcat 6.0.35, or it is a service config issue.. Can someone please have a look?..
>
> Please let me know if any further info required..
>
>
> Thanks & Regards,
>
> Wen
Re: Tomcat security vulnerability/ or security config issue
Posted by Mark Thomas <ma...@apache.org>.
On 18/04/2013 14:14, Wen Liu wrote:
>
>
> Howdy,
>
> I have an issue with Tomcat security, please find the spec below:
>
> Server version: Apache Tomcat/6.0.35
> Server built: Nov 28 2011 11:20:06
> Server number: 6.0.35.0
> OS Name: SunOS
> OS Version: 5.10
> Architecture: x86
> JVM Version: 1.6.0_33-b03
> JVM Vendor: Sun Microsystems Inc.
>
>
> For the problematic server, all files on the server are exposed to all users through http://<masterservice_IP>:8080/consistencycheck/servlet/TransformXML?xmlUrl=../../../../../<location_of_the_file>
>
> i.e. open Chrome, give http://10.45.224.55:8080/consistencycheck/servlet/TransformXML?xmlUrl=../../../../../var/adm/messages and press enter to see the server system log..
>
> It happens with any browsers..
>
> I was wondering if it is a security vulnerability of Tomcat 6.0.35, or it is a service config issue.. Can someone please have a look?..
>
> Please let me know if any further info required..
That is an application vulnerability, not a Tomcat vulnerability.
Mark