[Bug 60667] New: Information disclosure vulnerability leaking files from WEB-INF and META-INF

bugzilla Mon, 30 Jan 2017 19:35:01 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=60667


            Bug ID: 60667
           Summary: Information disclosure vulnerability leaking files
                    from WEB-INF and META-INF
           Product: Tomcat 7
           Version: 7.0.61
          Hardware: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Servlet & JSP API
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Request : https://<server>:<port>/META-INf./template.mf
Response : Content of template.mf


Here the tomcat URL filter for restricting access to META-INF and WEB-INF can
be evaded using a "." in the end of the directory-name and one keeping at least
one character lowercase.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 60667] New: Information disclosure vulnerability leaking files from WEB-INF and META-INF

Reply via email to