Apache Tomcat Information Disclosure Vulnerability - Jan21 (Windows) CVE-2021-24122

Severity
CVSSv3 Score
5.9
Vulnerability description

Apache Tomcat is prone to an information disclosure vulnerability.

Risk description

When serving resources from a network location on an NTFS file system, it was possible in some configurations to bypass security constraints and/or view the source code of JSPs. The root cause was unexpected behaviour of the JRE API File.getCanonicalPath(), which in turn was caused by inconsistent behaviour of the Windows API FindFirstFileW in some circumstances.

Recommendation

Update to version 7.0.107, 8.5.60, 9.0.40, 10.0.0-M10 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 14, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available