tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aditi Sinha <adisinha0...@gmail.com>
Subject Re: Need help to understand CVE-2007-0450
Date Thu, 22 Nov 2012 13:35:55 GMT
Thanks Guys.

As per my reading of the suggested material and looking at the logs that
Andre has shared, I think there are two ways in which the directory
traversal attack could be made.

1. By having ..\ equivalents in the URL itself
2. By having ..\ equivalents in the request parameters.

In my case, I am not worried about the request parameters since my
application doesn't handle any such path related queries and all request
parameters are signed by our client app.

So, It would really help me narrow down on a course of action ff you guys
can tell me  -

*Whether someone can get access to any file/directory outside the tomcat
webapps folder using "Style 1 (using ..\ equivalent in the URL itself)
 Directory traversal attack (scoped to Tomcat) on Windows".*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message