Apache Tomcat is prone to a directory-traversal vulnerability and to an authentication-bypass vulnerability. Exploiting these issues allows attackers to delete arbitrary files within the context of the current working directory or gain unauthorized access to files and directories. The following versions are affected: Tomcat 5.5.0 through 5.5.28 and Tomcat 6.0.0 through 6.0.20.
The vendor has released updates. Please see the references for details.