tomcat-users mailing list archives

From Sebastian Kruk <sebastian.k...@deri.org>
Subject Re: URI handling bug in Tomcat 6.0.13?
Date Sun, 24 Jun 2007 17:04:15 GMT
Damn,

should not read/write emails on Sunday - thanks a million,

Cheers,

S.

On 24 Jun 2007, at 17:52, Rainer Jung wrote:

> You didn't really read the part of the page I referred to and  
> instead decided to read the CVE. The page I sent you will tell you  
> about System properties that make the behaviour configurable.
>
> Sebastian Kruk wrote:
>> Thanks,
>> so if I got it right - due to some security reasons:
>> "Directory traversal vulnerability in Apache HTTP Server and  
>> Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain  
>> proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote  
>> attackers to read arbitrary files via a .. (dot dot) sequence with  
>> combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL- 
>> encoded backslash (%5C) characters in the URL, which are valid  
>> separators in Tomcat but not in Apache."
>> ... I cannot use a sequence of .. (dot dot), /, \ or %5C.
>> Yes, but it is strange, since I have neither (dot dot) nor %5C nor \
>> [we cannot ban / completely, right?].
>> Tomcat seems to be reacting strangely to %2F, which has to be
>> URL-encoded, since this is a URI I am passing to an internal
>> procedure; if this URI is not URL-encoded, then my regexp-defined REST
>> service endpoints will freak out and consider only what they see up to
>> the / as a parameter.
>> As I said before, it seems that Tomcat is sensitive to a %2F in my
>> URI, which is not on the list above.
>> http://localhost:8080/jeromedl/mbb/filter/marcont:hasDomain/http%3A%2F%2Fdmoz.org%2FTop
>> Can you, please, explain what is wrong with this URI? I have a feeling
>> that although CVE-2007-0450 might be important, it has been
>> implemented in the wrong way?
>> Thanks,
>> Sebastian
>> On 24 Jun 2007, at 16:09, Rainer Jung wrote:
>>> Look for "CVE-2007-0450" in
>>>
>>> http://tomcat.apache.org/security-6.html
>>>
>>> Regards,
>>>
>>> Rainer
>>>
>>> Sebastian Kruk wrote:
>>>> Hello,
>>>> Just a quick question. Why does a URI like the following:
>>>> http://localhost:8080/jeromedl/mbb/filter/marcont:hasDomain/http%3A%2F%2Fdmoz.org%2FTop
>>>> result in error 400 - incorrect URI - noSlash error in Tomcat 6.0.13,
>>>> but was correctly handled in Tomcat 5.5?
>>>> After investigating a little I have noticed that the problem is in
>>>> the %2F sequence (URI encoding of /).
>>>> Is there any HTTP specification detail that I have missed or is it,
>>>> as I think it is, a bug in Tomcat 6?
>>>> Thanks for any hints,
>>>> Cheers,
>>>> Sebastian
>
> -- 
> kippdata
> informationstechnologie GmbH   Tel: +49 228 98549 -0
> Bornheimer Str. 33a            Fax: +49 228 98549 -50
> D-53111 Bonn                   www.kippdata.de
>
> HRB 8018 Amtsgericht Bonn / USt.-IdNr. DE 196 457 417
> Geschäftsführer: Dr. Thomas Höfer, Rainer Jung, Sven Maurmann

--------------------------------------------
--   Sebastian Ryszard Kruk
--   Lead Researcher, Project Manager
--   Semantic Infrastructure Lab, eLearning Cluster
--   Digital Enterprise Research Institute 
--   National University of Ireland, Galway 
--   mailto: sebastian.kruk@deri.org
--   GG: 335067, Jabber: s_kruk@chrome.pl
--   Skype: sebastiankruk
--   WWW: http://www.sebastiankruk.com/ 
--   mobile (IRL): +353 85 7126591
--   VoIP   (PL):  +48  52 5110114
--------------------------------------------


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
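The thread turns on one point: after the CVE-2007-0450 fix, Tomcat 6.0.10+ refuses a request path that carries an encoded separator (%2F or %5C) before it ever decodes it, which is why the URI above gets a 400 instead of reaching the REST regexp. The script below is an added illustration, not code from the thread or from Tomcat. It replays the URI from the thread against a hypothetical route pattern (`ROUTE`, assumed to look like Sebastian's two-parameter endpoint) to show three things: the strict refusal, why routing on the decoded path breaks the parameter split he describes, and the separator mismatch the CVE text refers to, modelled as a traversal check that treats both `/` and `\` as separators. The `allow_encoded_slash` switch stands in for the configurable behaviour Rainer points at (Tomcat exposes it as the `org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH` system property).

```python
import re
from urllib.parse import unquote

# Constructed sample: the path part of the URI quoted in the thread.
SAMPLE_PATH = "/jeromedl/mbb/filter/marcont:hasDomain/http%3A%2F%2Fdmoz.org%2FTop"

# Hypothetical REST route (assumption, not the project's real pattern): two
# single-segment parameters after /filter/.  A literal '/' cannot be inside one.
ROUTE = re.compile(r"^/jeromedl/mbb/filter/([^/]+)/([^/]+)$")

# Percent-encoded '/' (%2F) and '\' (%5C), case-insensitive.
ENCODED_SEPARATOR = re.compile(r"%(2f|5c)", re.IGNORECASE)


def rejects_encoded_separator(raw_path: str) -> bool:
    """Strict policy modelled on the behaviour the thread describes for Tomcat
    6.0.10 and later: an encoded '/' or '\\' in the undecoded path is refused
    (the 400 'noSlash' response), regardless of what it decodes to."""
    return ENCODED_SEPARATOR.search(raw_path) is not None


def route(raw_path: str, decode_before_routing: bool):
    """Match ROUTE either on the raw path (parameters decoded afterwards) or on
    the fully decoded path.  Returns (name, value) or None when nothing matches."""
    path = unquote(raw_path) if decode_before_routing else raw_path
    m = ROUTE.match(path)
    if m is None:
        return None
    name, value = m.groups()
    if not decode_before_routing:
        name, value = unquote(name), unquote(value)
    return name, value


def escapes_root(decoded_path: str) -> bool:
    """Traversal check that treats '/' and '\\' as separators.  The CVE text on
    the page describes exactly this mismatch: a front end that only knows '/'
    as a separator can forward a path that a back end treating '\\' as a
    separator normalises upward, so the back end must check with both."""
    depth = 0
    for seg in re.split(r"[/\\]", decoded_path):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def check_request(raw_path: str, allow_encoded_slash: bool = False):
    """Full decision for one request path.
    Returns ('reject', reason) or ('ok', (name, value))."""
    if not allow_encoded_slash and rejects_encoded_separator(raw_path):
        return ("reject", "encoded path separator")
    decoded = unquote(raw_path)
    if escapes_root(decoded):
        return ("reject", "path escapes root")
    matched = route(raw_path, decode_before_routing=False)
    if matched is None:
        return ("reject", "no route")
    return ("ok", matched)


if __name__ == "__main__":
    print("strict :", check_request(SAMPLE_PATH))
    print("relaxed:", check_request(SAMPLE_PATH, allow_encoded_slash=True))
    print("route on decoded path:", route(SAMPLE_PATH, decode_before_routing=True))
```

Run as-is, the strict mode rejects the thread's URI outright, the relaxed mode routes it and hands the endpoint `http://dmoz.org/Top` as a single parameter, and routing on the already-decoded path returns no match at all, which is the "freak out" the thread describes: once `%2F` becomes `/`, the regexp sees extra segments. The traversal check is what makes relaxing the setting tolerable on a Tomcat behind a proxy: every decoded separator, not just `/`, participates in the root check.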