Apache Tomcat is prone to a directory-traversal vulnerability and to an authentication-bypass vulnerability. Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory or gain unauthorized access to files and directories.. The following versions are affected: Tomcat 5.5.0 through 5.5.28 Tomcat 6.0.0 through 6.0.20
The vendor has released updates. Please see the references for details.
- HServer Webserver Multiple Directory Traversal Vulnerabilities
- bozotic HTTP server Information Disclosure Vulnerability
- Acritum Femitter Server URI Directory Traversal Vulnerability
- Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability
- IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability