Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. Effects Algo Risk Application
CVE(s): CVE-2015-5174
Affected product(s) and affected version(s):
Versions 4.9.0 to 4.9.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aA9yhG
X-Force Database: http://ift.tt/1rhWylT
from IBM Product Security Incident Response Team http://ift.tt/2aAahPX
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.