Reputation: 273
I am facing Apache Tomcat examples directory vulnerabilities in one of the scenarios, where I use the pattern '..;' in the URL relative path as below: https://website.com/..;/manager/html as it's a servlet-based application. The issue occurs when I use '..;' or any pattern preceded by '..;': https://website.com/..;..=../manager/html I can resolve it by the setting of the listings parameter in '<CATALINA_HOME>\conf\web.xml'. Other than this resolution, how can we eliminate the semicolon or the pattern '..;' in the URL?
Upvotes: 0
Views: 1679
Reputation: 48087
You're running a version that was released in 2013 of a branch (6.0.x) that reached its end of life in 2016. Since then, lots of security issues have been fixed.
The only sensible recommendation is to upgrade to a version that is still being maintained (e.g. Tomcat 9), and never again let yourself get so horribly behind the times, especially on server-side software.
You might want to try if 6.0.53 fixes this particular issue, but it is not a long-term solution, just a quick way to try fixing this particular issue that you're aware of before you finally do a major version upgrade, to fix all of the issues that you're not aware of yet:
Upvotes: 2
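An added example (not part of the original posts) for spotting the '..;' pattern from the question in access logs while an upgrade is pending. It assumes the container drops ';parameters' from each path segment before resolving '..'; the log lines, function names and addresses are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format), not from the post.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2020:13:55:36 +0000] "GET /..;/manager/html HTTP/1.1" 200 1024
203.0.113.5 - - [10/Oct/2020:13:55:40 +0000] "GET /..;..=../manager/html HTTP/1.1" 404 512
203.0.113.9 - - [10/Oct/2020:13:56:01 +0000] "GET /app/%2e%2e%3bx/manager/html HTTP/1.1" 200 1024
198.51.100.7 - - [10/Oct/2020:13:57:12 +0000] "GET /shop/cart;jsessionid=ABC123?item=4 HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2020:13:58:00 +0000] "GET /docs/index.html HTTP/1.1" 200 4096
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%3b and double encoding are seen."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def inspect_target(target):
    """Return (suspicious, effective_path) for one request target.

    Assumed container behaviour: ';params' is dropped from every segment
    first, then '.' and '..' are resolved, so '/..;/x' is handled as '/../x'.
    """
    segments = decode_fully(target.split("?", 1)[0]).split("/")
    stripped = [seg.split(";", 1)[0] for seg in segments]
    # Flag a dot segment that only appears once the path parameter is removed.
    suspicious = any(";" in seg and bare in (".", "..")
                     for seg, bare in zip(segments, stripped))
    effective = posixpath.normpath("/" + "/".join(stripped).lstrip("/"))
    return suspicious, effective


def scan(log_text):
    """Return (raw_target, effective_path) for every flagged request."""
    hits = []
    for m in REQUEST_RE.finditer(log_text):
        suspicious, effective = inspect_target(m.group("target"))
        if suspicious:
            hits.append((m.group("target"), effective))
    return hits
```

Ordinary path parameters such as ';jsessionid=...' are not flagged; only segments that turn into '.' or '..' once the parameter is removed are reported, together with the path they would resolve to.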