Update tomcat.md
It's not the tomcat version that's vulnerable. It's a path normalization inconsistency issue where the reverse proxy and tomcat parse the string /..;/ differently.
parent f72fa0049e
commit 44159285e5
@ -85,7 +85,7 @@ The following example scripts that come with Apache Tomcat v4.x - v7.x and can b
|
||||
|
||||
### Path Traversal (..;/)
|
||||
|
||||
In some **vulnerable versions of Tomcat** you can access to protected directories in Tomcat using the path: `/..;/`
|
||||
In some **[vulnerable configurations of Tomcat](https://www.acunetix.com/vulnerabilities/web/tomcat-path-traversal-via-reverse-proxy-mapping/)** you can access to protected directories in Tomcat using the path: `/..;/`
|
||||
|
||||
So, for example, you might be able to **access the Tomcat manager** page accessing: `www.vulnerable.com/lalala/..;/manager/html`
|
||||
|
||||
|
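Review bot: The replacement line still reads "vulnerable configurations of Tomcat", which keeps the fault on Tomcat alone, while the commit message says the issue is the reverse proxy and Tomcat parsing `/..;/` differently. Suggest naming both components in the sentence itself, for example "When Tomcat sits behind a reverse proxy that parses `/..;/` differently, you can access protected directories ...", so the reader does not have to follow the link to learn that a proxy is involved. The phrase "you can access to protected directories" carries over a grammar slip from the old line and could be fixed to "you can access protected directories" while the line is being touched. The unchanged example on the last context line (`www.vulnerable.com/lalala/..;/manager/html`) would also be clearer if it stated that the request goes through the reverse proxy.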