Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
Written by Stefano Di Paola of Minded Security Research Labs
Wednesday, 11 March 2009 22:10

-\\Bugtraq ID:
30494

-\\Class:
Input Validation Error

-\\CVE:
CVE-2008-2370


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Aug 01 2008 12:00AM

-\\Updated:
Mar 11 2009 05:46PM

-\\Credit:
Stefano Di Paola of Minded Security Research Labs



-\\Vulnerable:
WiKID Systems WiKID Server 3.0.4
VMWare VirtualCenter 2.0.2
VMWare VirtualCenter  2.5.Update 3 build 1
VMWare VirtualCenter  2.5 Update 2
VMWare VirtualCenter  2.5 Update 1
VMWare VirtualCenter  2.5
VMWare ESX Server 3.0.3
VMWare ESX Server 3.0.2
VMWare ESX Server  3.5
Sun Solaris  9_x86
Sun Solaris  9
Sun Solaris  10.0_x86
Sun Solaris  10.0
Sun OpenSolaris  build snv_99
Sun OpenSolaris  build snv_96
Sun OpenSolaris  build snv_95
Sun OpenSolaris  build snv_92
Sun OpenSolaris  build snv_91
Sun OpenSolaris  build snv_90
Sun OpenSolaris  build snv_89
Sun OpenSolaris  build snv_88
Sun OpenSolaris  build snv_87
Sun OpenSolaris  build snv_86
Sun OpenSolaris  build snv_85
Sun OpenSolaris  build snv_84
Sun OpenSolaris  build snv_83
Sun OpenSolaris  build snv_82
Sun OpenSolaris  build snv_81
Sun OpenSolaris  build snv_80
Sun OpenSolaris  build snv_78
Sun OpenSolaris  build snv_77
Sun OpenSolaris  build snv_76
Sun OpenSolaris  build snv_68
Sun OpenSolaris  build snv_67
Sun OpenSolaris  build snv_64
Sun OpenSolaris  build snv_61
Sun OpenSolaris  build snv_59
Sun OpenSolaris  build snv_57
Sun OpenSolaris  build snv_50
Sun OpenSolaris  build snv_39
Sun OpenSolaris  build snv_36
Sun OpenSolaris  build snv_29
Sun OpenSolaris  build snv_22
Sun OpenSolaris  build snv_19
Sun OpenSolaris  build snv_13
Sun OpenSolaris  build snv_100
S.u.S.E. SUSE Linux Enterprise Server  10 SP2
S.u.S.E. openSUSE  11.0
S.u.S.E. openSUSE  10.3
S.u.S.E. openSUSE  10.2
RedHat Red Hat Network Satellite Server 5.0.1
RedHat Red Hat Network Satellite Server 5.0
RedHat Red Hat Network Satellite (for RHEL 4)  5.1
RedHat JBoss Enterprise Application Platform 4.2 EL5
RedHat JBoss Enterprise Application Platform 4.2 EL4
RedHat JBoss Enterprise Application Platform 4.2 CP03
RedHat JBoss Enterprise Application Platform 4.2
RedHat Fedora 9  0
RedHat Fedora 8  0
RedHat Enterprise Linux Desktop Workstation  5 client
RedHat Enterprise Linux Desktop  5 client
RedHat Enterprise Linux  5 server
RedHat Developer Suite AS4  3
RedHat Application Server WS4  2
RedHat Application Server ES4  2
RedHat Application Server AS4  2
Pardus Linux 2008  0
MandrakeSoft Linux Mandrake  2008.1 x86_64
MandrakeSoft Linux Mandrake  2008.1
MandrakeSoft Linux Mandrake  2008.0 x86_64
MandrakeSoft Linux Mandrake  2008.0
HP HP-UX  B.11.31
HP HP-UX  B.11.23
HP HP-UX  B.11.11
Avaya Meeting Exchange - Enterprise Edition  
Avaya Meeting Exchange 5.0 .0.52
Avaya Meeting Exchange  5.0
Avaya AES 4.2.1
Avaya AES 4.0.1
Avaya AES 3.1.6
Avaya AES 3.1.5
Avaya AES 3.1.4
Avaya AES 3.1.3
Avaya AES  4.2
Avaya AES  4.1
Avaya AES  4.0
Avaya AES  3.1
Avaya AES  3.0
Apple Mac OS X Server 10.5.5
Apache Software Foundation Tomcat 6.0.16
Apache Software Foundation Tomcat 6.0.15
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.9
Apache Software Foundation Tomcat 6.0.8
Apache Software Foundation Tomcat 6.0.7
Apache Software Foundation Tomcat 6.0.6
Apache Software Foundation Tomcat 6.0.5
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.3
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.5.26
Apache Software Foundation Tomcat 5.5.25
Apache Software Foundation Tomcat 5.5.24
Apache Software Foundation Tomcat 5.5.23
Apache Software Foundation Tomcat 5.5.22
Apache Software Foundation Tomcat 5.5.21
Apache Software Foundation Tomcat 5.5.20
Apache Software Foundation Tomcat 5.5.19
Apache Software Foundation Tomcat 5.5.18
Apache Software Foundation Tomcat 5.5.17
Apache Software Foundation Tomcat 5.5.16
Apache Software Foundation Tomcat 5.5.15
Apache Software Foundation Tomcat 5.5.14
Apache Software Foundation Tomcat 5.5.13
Apache Software Foundation Tomcat 5.5.12
Apache Software Foundation Tomcat 5.5.11
Apache Software Foundation Tomcat 5.5.10
Apache Software Foundation Tomcat 5.5.9
Apache Software Foundation Tomcat 5.5.8
Apache Software Foundation Tomcat 5.5.7
Apache Software Foundation Tomcat 5.5.6
Apache Software Foundation Tomcat 5.5.5
Apache Software Foundation Tomcat 5.5.4
Apache Software Foundation Tomcat 5.5.3
Apache Software Foundation Tomcat 5.5.2
Apache Software Foundation Tomcat 5.5.1
Apache Software Foundation Tomcat 5.5
Apache Software Foundation Tomcat 4.1.37
Apache Software Foundation Tomcat 4.1.36
Apache Software Foundation Tomcat 4.1.34
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.1.32
Apache Software Foundation Tomcat 4.1.31
Apache Software Foundation Tomcat 4.1.30
Apache Software Foundation Tomcat 4.1.29
Apache Software Foundation Tomcat 4.1.28
Apache Software Foundation Tomcat 4.1.24
Apache Software Foundation Tomcat 4.1.12
Apache Software Foundation Tomcat 4.1.10
Apache Software Foundation Tomcat 4.1.9 beta
Apache Software Foundation Tomcat 4.1.3 beta
Apache Software Foundation Tomcat 4.1.3
Apache Software Foundation Tomcat 4.1
-BSDI BSD/OS 4.0
-Caldera OpenLinux 2.4
-Conectiva Linux 5.1
-Debian Linux 2.3
-Debian Linux 2.2
-Debian Linux 2.1
-Digital UNIX 4.0
-FreeBSD FreeBSD 5.0
-FreeBSD FreeBSD 4.5
-MandrakeSoft Linux Mandrake 7.1
-MandrakeSoft Linux Mandrake 7.0
-NetBSD NetBSD 1.4.2  x86
-NetBSD NetBSD 1.4.1  x86
-RedHat Linux 6.2  i386
-RedHat Linux 6.1  i386
-SGI IRIX 6.5
-SGI IRIX 6.4
-SGI IRIX 3.3
-Sun Solaris  8
-Sun Solaris  7.0



-\\Not Vulnerable:
WiKID Systems WiKID Server 3.0.5
Sun OpenSolaris  build snv_101
RedHat JBoss Enterprise Application Platform 4.2 CP04
Apache Software Foundation Tomcat 6.0.18
Apache Software Foundation Tomcat 5.5.27
Apache Software Foundation Tomcat 4.1.38



-\\Discussion
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks.

The following versions are affected:

Tomcat 4.1.0 through 4.1.37
Tomcat 5.5.0 through 5.5.26
Tomcat 6.0.0 through 6.0.16

Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.



-\\Exploit(s)/PoC(s):
An attacker can exploit this issue through a browser.

The following proof-of-concept URI is available:

http://www.example.com/page.jsp?blah=/../WEB-INF/web.xml
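Defender-side check, added here as an example and not part of the original advisory or of Tomcat: it runs over constructed Tomcat access-log lines and flags any request whose query-parameter value, once URL-decoded (twice, to catch double encoding) and path-normalised, resolves into WEB-INF or META-INF, which is the shape of the proof-of-concept URI above. The log layout, the parameter handling and the sample lines are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Common Log Format as written by Tomcat's AccessLogValve (assumed layout).
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
PROTECTED = ("web-inf", "meta-inf")  # never servable under the servlet spec

def resolve_target(request_path, value):
    """Resolve a parameter value the way a forward/include target is:
    unquote again (catches double encoding), join relative values to the
    requesting page's directory, then collapse '.' and '..' segments."""
    decoded = unquote(value)
    if not decoded.startswith("/"):
        decoded = posixpath.join(posixpath.dirname(request_path), decoded)
    return posixpath.normpath(decoded)

def is_protected(path):
    """True if any segment of the normalised path is WEB-INF or META-INF."""
    return any(seg.lower() in PROTECTED for seg in path.split("/"))

def suspicious_params(line):
    """[(param, resolved_path)] for each query value that resolves into a
    protected directory; [] for a benign request or an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        resolved = resolve_target(parts.path, value)
        if is_protected(resolved):
            hits.append((name, resolved))
    return hits

def scan(lines):
    """(host, target, hits) for every log line carrying at least one hit."""
    return [(m["host"], m["target"], hits) for line in lines
            if (m := LOG_RE.match(line)) and (hits := suspicious_params(line))]

# Constructed sample lines: the PoC shape, a double-encoded variant, a
# relative variant from a nested page, and a benign request.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Mar/2009:22:10:00 +0000] "GET /page.jsp?blah=/../WEB-INF/web.xml HTTP/1.1" 200 512',
    '10.0.0.5 - - [11/Mar/2009:22:10:01 +0000] "GET /page.jsp?blah=%252F..%252FWEB-INF%252Fweb.xml HTTP/1.1" 200 512',
    '10.0.0.6 - - [11/Mar/2009:22:10:02 +0000] "GET /app/page.jsp?blah=../WEB-INF/web.xml HTTP/1.1" 200 512',
    '10.0.0.7 - - [11/Mar/2009:22:10:03 +0000] "GET /page.jsp?blah=help.jsp HTTP/1.1" 200 512',
]
```

A 200 status on a flagged line is the signal to act on; a patched server answers such targets with an error, so the same scan also confirms the fix after upgrading.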



-\\Solution
The vendor released updates. Please see the references for more information.


MandrakeSoft Linux Mandrake 2008.0
--Mandriva tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/

HP HP-UX B.11.23
--HP HPUXWSATW-B222-1123-32.depot (PA-32)
http://software.hp.com
--HP HPUXWSATW-B222-1123-64.depot (IA-64)
http://software.hp.com
--HP HPUXWSATW-B302-32.depot (IA-64)
http://software.hp.com

HP HP-UX B.11.11
--HP HPUXWSATW-B222-1111.depot (PA-32)
http://software.hp.com
--HP HPUXWSATW-B302-64.depot
http://software.hp.com

Apple Mac OS X Server 10.5.5
--Apple SecUpdSrvr2008-007.dmg
http://www.apple.com/support/downloads/securityupdate2008007serverleopard.html

Apache Software Foundation Tomcat 6.0.5, 6.0.7, 6.0.8, 6.0.10, 6.0.13, 6.0.15, 6.0.16
--Apache Software Foundation apache-tomcat-6.0.18.tar.gz
http://mirror.atlanticmetro.net/apache/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz



-\\Reference(s)
--Apache Tomcat 4.x vulnerabilities
http://tomcat.apache.org/security-4.htm  (Apache)
--Apache Tomcat 5.x vulnerabilities
http://tomcat.apache.org/security-5.htm  (Apache)
--Apache Tomcat 6.x vulnerabilities
http://tomcat.apache.org/security-6.htm  (Apache)
--Apache Tomcat Homepage
http://tomcat.apache.org  (Apache)
--JBoss Enterprise Application Platform 4.2 Release Notes CP04
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.htm  (Red Hat)
--Release Name: 3.0.5
https://sourceforge.net/project/shownotes.php?release_id=626903&group_id=14477  (WiKID Systems)
--Solution 251986: Security Vulnerabilities in Tomcat 5.5 may Lead to Cross S
http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-  (Sun Microsystems)
--[CVE-2008-2370] Apache Tomcat information disclosure vulnerability
http://www.securityfocus.com/archive/1/49502  (Mark Thomas)
--ASA-2008-401 - tomcat security update (RHSA-2008-0862)
http://support.avaya.com/elmodocs2/security/ASA-2008-401.ht  (Avaya)
--RHSA-2008:0648-10 tomcat security update
http://rhn.redhat.com/errata/RHSA-2008-0648.htm  (Red Hat)