Vigil@nce - Apache Tomcat: information disclosure via Directory Listing
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can provide an XSLT with an external XML entity, to
manipulate data of a Directory Listing of Apache Tomcat, in order
to obtain sensitive information.
Impacted products: Tomcat
Severity: 2/4
Creation date: 27/05/2014
DESCRIPTION OF THE VULNERABILITY
A web application can define an XSLT to format a Directory Listing.
However, an attacker can use an XSLT with an external XML entity,
in order to bypass file access constraints imposed by the Security
Manager.
An attacker, who is allowed to install a web application, can
therefore provide an XSLT with an external XML entity, to
manipulate data of a Directory Listing of Apache Tomcat, in order
to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-Tomcat-information-disclosure-via-Directory-Listing-14807