Main Vulnerability Database SB2021030549

SB2021030549 - openEuler 20.03 LTS SP1 update for tomcat

Published: March 5, 2021

Security Bulletin ID SB2021030549

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2021-24122)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to JSP source code disclosure in some configurations, when serving resources from a network location using the NTFS file system. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.A remote attacker can send a specially crafted request to the application and view the JSP source code.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1075

SB2021030549 - openEuler 20.03 LTS SP1 update for tomcat

Breakdown by Severity

Description

Remediation

References

Please verify you're human