Vigil@nce - Apache Tomcat: file creation via tempdir
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker who is allowed to upload a malicious application to
Apache Tomcat can create files outside the temporary directory.
Severity: 1/4
Creation date: 07/02/2011
IMPACTED PRODUCTS
– Apache Tomcat
DESCRIPTION OF THE VULNERABILITY
The javax.servlet.context.tempdir attribute names the temporary
directory where the intermediate files generated when compiling
JSPs are stored.
However, an application is allowed to change this attribute. Its
temporary files will thus be stored in the directory chosen by the
attacker.
An attacker who is allowed to upload a malicious application to
Apache Tomcat can therefore create files outside the temporary
directory.
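The containment check a container-side guard on this attribute would need, as an added example that is not code from this bulletin or from Apache Tomcat. The TempdirGuard class, its workBase field and the sample directory layout are hypothetical, and the sketch does not describe the vendor's actual fix.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.HashMap;
import java.util.Map;

// Added illustration, not Tomcat code: a simplified context attribute store
// that only accepts a tempdir value located under the container's work area.
public class TempdirGuard {
    static final String TEMPDIR = "javax.servlet.context.tempdir";

    private final Map<String, Object> attributes = new HashMap<>();
    private final Path workBase; // hypothetical container work area

    TempdirGuard(Path workBase, File initialTempDir) throws IOException {
        this.workBase = workBase.toRealPath();
        attributes.put(TEMPDIR, initialTempDir);
    }

    // Canonicalise first so "../" segments and symlinks cannot hide the real target.
    boolean isUnderWorkBase(File candidate) throws IOException {
        return candidate.getCanonicalFile().toPath().startsWith(workBase);
    }

    // Setter as seen by a deployed application.
    void setAttribute(String name, Object value) throws IOException {
        if (TEMPDIR.equals(name)
                && !(value instanceof File && isUnderWorkBase((File) value))) {
            throw new SecurityException("refused " + name + " = " + value);
        }
        attributes.put(name, value);
    }
    Object getAttribute(String name) { return attributes.get(name); }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/work-base.../app1
        Path base = Files.createTempDirectory("work-base");
        File appTmp = Files.createDirectory(base.resolve("app1")).toFile();
        TempdirGuard ctx = new TempdirGuard(base, appTmp);
        ctx.setAttribute(TEMPDIR, new File(appTmp, "jsp")); // stays inside: accepted
        try {
            ctx.setAttribute(TEMPDIR, new File(appTmp, "../../outside"));
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        System.out.println("tempdir is still " + ctx.getAttribute(TEMPDIR));
    }
}
```

The comparison is done on canonical paths, component by component, so a sibling directory whose name merely begins with the work area's name is not treated as being inside it.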
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-Tomcat-file-creation-via-tempdir-10328