Page 12 of 57 results (0.020 seconds)

CVSS: 5.0EPSS: 97%CPEs: 3EXPL: 1

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. Vulnerabilidad de salto de directorio en Apache HTTP Server y Tomcat 5.x anterior a 5.5.22 y 6.x anterior a 6.0.10, al usar ciertos módulos de proxy (mod_proxy, mod_rewrite, mod_jk), permite a atacantes remotos leer ficheros de su elección mediante una secuencia .. (punto punto) con combinaciones de caracteres (1) "/" (barra), (2) "\" (barra invertida), y (3) barra invertida con codificación de URL (%5C), los cuales son separadores válidos en Tomcat pero no en Apache. • https://www.exploit-db.com/exploits/29739 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://lists.vmware.com/pipermail/security-announce/2008/000003.html http://secunia.com/advisories/24732 http://secunia.com/advisories/25106 http://secunia.com/adv • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 87%CPEs: 5EXPL: 3

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. Apache Tomcat 5 anterior a 5.5.17 permite a atacantes remotos listar directorios a través de un punto y coma (;) precedido de un nombre de archivo con una extensión mapeada, como se demostró con las URLs finalizadas con /;index.jsp y /;help.do. ToutVirtual VirtualIQ Pro version 3.2 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities. • https://www.exploit-db.com/exploits/28254 http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/25212 http://secunia.com/advisories/30899 http://secunia.com/advisories/30908 http://secunia.com/advisories/33668 http://secunia.com/advisories/37297 http://securitytracker.com/id?1016576 http:/ •