Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability

Apache Tomcat is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory.

The following versions are affected:

Tomcat 5.5.0 through 5.5.28
Tomcat 6.0.0 through 6.0.20


Privacy Statement
Copyright 2010, SecurityFocus