Vigil@nce: Apache Tomcat, command execution via SSI
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the SSI feature is enabled, the "exec" directive is also
enabled, so an attacker allowed to upload a malicious page can
execute code on the server.
– Severity: 1/4
– Creation date: 23/07/2010
DESCRIPTION OF THE VULNERABILITY
SSI (Server Side Includes) use tags in an HTML file to offer
advanced features:
– file inclusion
– inclusion of the result of a command
– conditional display
The "exec" directive executes a command, so it is potentially
dangerous.
However, enabling the SSI feature also enables the "exec"
directive, so an attacker allowed to upload a malicious page
can execute code on the server.
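A defensive check for the situation described above, as an added example that is not part of the Vigil@nce bulletin: it scans page content (for instance an uploaded file) for SSI directives and reports every "exec" directive with its line number. The function names and the sample page are constructed for illustration.

```python
import re

# An SSI directive has the form <!--#name attr="value" ... -->
SSI_DIRECTIVE = re.compile(r'<!--#\s*(\w+)(.*?)-->', re.DOTALL)
# Attribute values may be double-quoted, single-quoted or bare.
SSI_ATTR = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|(\S+))')


def find_ssi_directives(text):
    """Return (line_number, directive, attributes) for each SSI tag in text."""
    found = []
    for m in SSI_DIRECTIVE.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        attrs = {}
        for a in SSI_ATTR.finditer(m.group(2)):
            # Exactly one of the three value groups matched.
            value = next(v for v in a.groups()[1:] if v is not None)
            attrs[a.group(1).lower()] = value
        found.append((line, m.group(1).lower(), attrs))
    return found


def find_exec_directives(text):
    """Return only the "exec" directives, which run a command on the server."""
    return [d for d in find_ssi_directives(text) if d[1] == "exec"]


# Constructed sample page covering the three SSI features the bulletin lists:
# file inclusion, inclusion of a command result, and conditional display.
SAMPLE_PAGE = """<html><body>
<!--#include virtual="/footer.html" -->
<!--#if expr="$QUERY_STRING = debug" -->
<!--#exec cmd="date" -->
<!--#endif -->
<!--#EXEC cgi='/cgi-bin/counter' -->
</body></html>
"""

if __name__ == "__main__":
    for line, name, attrs in find_exec_directives(SAMPLE_PAGE):
        print(f"line {line}: SSI {name} directive found, attributes={attrs}")
```

Matching is case-insensitive on the directive name and deliberately permissive, so the scan may flag text that the server's SSI parser would ignore.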
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-Tomcat-command-execution-via-SSI-9783