[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Vulnerability in Apache Tomcat

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] Vulnerability in Apache Tomcat
From: Juan Martinez <gus70938@xxxxxxxxx>
Date: Sat, 11 Jul 2015 19:26:45 -0300

Hi everyone, i found a bug in servers Apache Tomcat who performs access at
all directories.
The bug is exploit by a Dork in Google, the
PoC is: allintitle:"Directory Listing For / (directory like access"/"
For example: allintitle:"Directory Listing For / root/"
This Dork access with dir root whithout passwords and the servers are
Apache Tomcat.
I advice update the Apache Tomcat for fix this bug or control with login.
Best Regards.
By Rootkit.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] Vulnerability in Apache Tomcat
  - From: Mark Thomas
- Re: [FD] Vulnerability in Apache Tomcat
  - From: ZhangTianqi

Prev by Date: [FD] CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products
Next by Date: [FD] [CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect
Previous by thread: [FD] CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products
Next by thread: Re: [FD] Vulnerability in Apache Tomcat
Index(es):
- Date
- Thread