I have few doubts regarding the usage of the pattern dot-dot-semicolon in the URL(to access servlet app deployed in apache tomcat webapps folder). Using dot-dot-semicolon(/..;/) makes the url back to one step.
The original issue(only dot-dot pattern) is a directory traversal vulnerability which has been resolved in latest version than tomcat 6.0.18 , domainname/../manager/html normalized to domainname/manager/html(404 error). But in 6.0.37,we can re-produce the same vulnerability with dot-dot-semicolon as domainname/..;/manager/html, then we can access the tomcat internal folder such as admin url and it prompts me the credentials of tomcat manager username and password. Here domainname is the client URL accessed the servlet app deployed in tomcat and the client url is configured in httpd.conf as
<VirtualHost *:443>
DocumentRoot /usr/local/apache/htdocs/EMPTY
JkMount /* ajp13
RewriteEngine on
RewriteRule ^/(.*) /he/$1 [PT]
</VirtualHost *:80>
Can we use any expression for RewriteRule to avoid the pattern(https://domainname/..;) for the below request URL's
"https://domainname/..;======/xxx/yyyy"
"https://domainname/..;/xxx/yyyy"
"https://domainname/..;abcd/xxx/yyyy"
virtual host settings in apache httpd.conf
<VirtualHost :80>
DocumentRoot /usr/local/apache/htdocs/EMPTY ServerName client.website.com
RewriteEngine On # Redirect all requests to the local Apache server to port
8000
RewriteRule ^/?(.) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
Please suggest.
Thank you
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
