tomcat-users mailing list archives

From Aditi Sinha <adisinha0...@gmail.com>
Subject Need help to understand CVE-2007-0450
Date Wed, 21 Nov 2012 13:40:35 GMT
Hi,

We have a web server hosted on Tomcat 7.0.22.

There are two connectors defined in server.xml listening at ports 8080 and 8443.
During a vulnerability scan a 3rd party tool reported CVE-2007-0450 “Apache
Tomcat Directory Traversal Attack” on both ports 8080 and 8443.
The tool was able to access the Tomcat manager application with the
following URL:
http://localhost:8080/scripts/\../manager/html

As per Tomcat security documents the issue is not present in Tomcat 7.
Is there anything wrong in our web application deployment?
Any help appreciated.


Thanks & Regards,
Aditi
