Bugtraq mailing list archives

Tomcat real path disclosure (2)


From: CHINANSL Security Team <lovehacker () chinansl com>
Date: 22 Apr 2002 07:06:50 -0000



Class:  default installation error
Remote: Yes
Local: Yes
Published: 2002-4-21
Vulnerable:  Tomcat 3.2.4, 4.0.1, 4.0.3 and so on

Discussion:
The CHINANSL Security Team discovered a security problem in
the default installation of the Tomcat web server. A user can
obtain the real path of Tomcat's installation on the system
through two "servlet" files that are installed by default. This
gives an attacker more information to work with.
    The default Tomcat installation contains an "examples"
directory, which includes some "JSP" and "Servlet" examples
that Tomcat provides for users. An attacker can gain much
information (such as the type of operating system and Tomcat's
installation directory) from two of these files
(SnoopServlet, TroubleShooter).
Note: we can't find the two links to "SnoopServlet"
and "TroubleShooter" when we access
http://localhost:8080/examples/servlets/index.html

Exploit:
http://localhost:8080/examples/servlet/SnoopServlet
http://localhost:8080/examples/servlet/TroubleShooter
Both of these reveal the real installation directory of
Tomcat.

Solution:
Please delete the two files
(SnoopServlet.class, TroubleShooter.class) in the
directory
"TOMCAT_HOME\webapps\examples\WEB-INF\classes"

Reference:
This security advisory comes from CHINANSL
TECHNOLOGY CO., LTD. It may be reproduced, but
please keep the article complete; otherwise we will
pursue our legal rights.
www.chinansl.com 
lovehacker () chinansl com 
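
An added example, not part of the original advisory: a log check that flags requests for the two servlets named above and reports whether the server still answered them with a 2xx status, which would mean the class files have not been removed. It assumes the access log is in Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# The two default servlets named in the advisory.
DISCLOSURE_PATHS = (
    "/examples/servlet/SnoopServlet",
    "/examples/servlet/TroubleShooter",
)

# Assumption: the access log uses Common Log Format.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def matched_servlet(target):
    """Return the advisory path a request target hits, or None."""
    # Ignore the query string and any ;jsessionid-style path parameter.
    path = target.split("?", 1)[0].split(";", 1)[0]
    for known in DISCLOSURE_PATHS:
        # Extra path info after the servlet name still reaches the servlet.
        if path == known or path.startswith(known + "/"):
            return known
    return None

def scan(lines):
    """Group hits per servlet; a 2xx answer means it is still deployed."""
    report = defaultdict(lambda: {"exposed": False, "clients": set()})
    for line in lines:
        m = CLF.match(line)
        servlet = matched_servlet(m.group("target")) if m else None
        if servlet is None:
            continue
        report[servlet]["clients"].add(m.group("client"))
        if m.group("status").startswith("2"):
            report[servlet]["exposed"] = True
    return dict(report)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Apr/2002:07:10:01 +0000] "GET /examples/servlet/SnoopServlet HTTP/1.0" 200 1432',
    '192.0.2.10 - - [22/Apr/2002:07:10:04 +0000] "GET /examples/servlet/TroubleShooter?x=1 HTTP/1.0" 404 312',
    '198.51.100.7 - - [22/Apr/2002:07:12:30 +0000] "GET /examples/servlets/index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [22/Apr/2002:07:12:41 +0000] "GET /examples/servlet/SnoopServlet/extra HTTP/1.0" 200 1500',
]

if __name__ == "__main__":
    for servlet, info in scan(SAMPLE_LOG).items():
        state = "STILL EXPOSED" if info["exposed"] else "not served"
        print(servlet, state, sorted(info["clients"]))
```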

