Rapid7 VulnDB

Tomcat UTF-8 Directory Traversal Vulnerability

Back to Search

Tomcat UTF-8 Directory Traversal Vulnerability

Disclosed
01/09/2009
Created
05/30/2018

Description

This module tests whether a directory traversal vulnerability is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 - 6.0.16 under specific and non-default installations. The connector must have allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the vulnerability actually occurs within Java and not Tomcat; the server must use Java versions prior to Sun 1.4.2_19, 1.5.0_17, 6u11 - or prior IBM Java 5.0 SR9, 1.4.2 SR13, SE 6 SR4 releases. This module has only been tested against RedHat 9 running Tomcat 6.0.16 and Sun JRE 1.5.0-05. You may wish to change FILE (hosts,sensitive files), MAXDIRS and RPORT depending on your environment.

Author(s)

  • aushack <patrick@osisecurity.com.au>
  • guerrino <ruggine> di massa

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/admin/http/tomcat_utf8_traversal
msf auxiliary(tomcat_utf8_traversal) > show actions
    ...actions...
msf auxiliary(tomcat_utf8_traversal) > set ACTION < action-name >
msf auxiliary(tomcat_utf8_traversal) > show options
    ...show and set options...
msf auxiliary(tomcat_utf8_traversal) > run 

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;