Vulnerability identifier: #VU261
Vulnerability risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-22
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Apache Tomcat (Server applications / Web servers)
Oracle Linux (Operating systems & Components / Operating system)
Vendor:
Apache Foundation
Oracle
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to incorrect validation of paths passed to the getResource(), getResourceAsStream() and getResourcePaths() methods of ServletContext. A local attacker can bypass security manager restrictions using directory traversal sequences and view directory listings outside the $CATALINA_BASE/webapps folder.
Successful exploitation of the vulnerability may allow a local attacker to obtain the names of files and folders on the vulnerable system.
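The weakness described above is a missing path check in front of the ServletContext resource lookups. The following is an added example, not Tomcat's code and not the project's fix, showing the kind of validation a web application can apply itself before calling getResource() or getResourcePaths(): the requested path is normalized segment by segment, and any ".." that would climb above the application root is rejected instead of being silently collapsed (java.nio.file.Path.normalize() on "/../x" yields "/x" and would hide the traversal). The class name ResourcePathGuard and the sample paths in main() are constructed for this example.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/**
 * Added example (not part of Apache Tomcat): validates a ServletContext resource
 * path before it is handed to getResource()/getResourceAsStream()/getResourcePaths().
 */
public final class ResourcePathGuard {

    private ResourcePathGuard() {}

    /**
     * Returns a normalized path that stays inside the web application root,
     * or null if the request must be rejected.
     */
    public static String safeResourcePath(String requested) {
        // The Servlet API requires a leading '/'; anything else is malformed.
        if (requested == null || !requested.startsWith("/")) {
            return null;
        }
        // Backslashes and NUL bytes have no place in a resource path; reject them
        // rather than guessing how a lower layer might interpret them.
        if (requested.indexOf('\\') >= 0 || requested.indexOf('\0') >= 0) {
            return null;
        }
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : requested.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;                       // "//" and "/./" add nothing
            }
            if (seg.equals("..")) {
                if (segments.isEmpty()) {
                    return null;                // would climb above the webapp root
                }
                segments.removeLast();
                continue;
            }
            segments.addLast(seg);
        }
        return "/" + String.join("/", segments);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the first two are legitimate, the rest are traversal attempts.
        String[] samples = {
            "/WEB-INF/web.xml",
            "/static/../index.html",
            "/../../conf/server.xml",
            "/a/../../b",
            "/img/..\\..\\conf"
        };
        for (String s : samples) {
            String safe = safeResourcePath(s);
            System.out.println(s + " -> " + (safe == null ? "REJECTED" : safe));
        }
    }
}
```

In a servlet or filter, the returned value is what gets passed to ServletContext.getResource(); a null result should be answered with a 404 (not an error page that echoes the path), and rejected requests are worth logging as a traversal indicator.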
Mitigation
Install the latest version of Apache Tomcat (6.0.45, 7.0.65, or 8.0.27).
Vulnerable software versions
Apache Tomcat: 6.0.0 - 6.0.44, 7.0.0 - 7.0.64, 8.0.0 - 8.0.26
Oracle Linux: 10 - 11.3
Oracle Linux: 5 - 7
External links
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.45
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.65
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.27
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.