Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.

vulnerability bulletin 9783

Apache Tomcat: command execution via SSI

Synthesis of the vulnerability

When the SSI feature is enabled, the "exec" directive is also enabled, so an attacker allowed to upload a malicious page can execute code on the server.
Severity: 1/4.
Creation date: 23/07/2010.

Description of the vulnerability

SSI (Server Side Includes) uses tags embedded in an HTML file to offer advanced features:
  <!--#include file="filename"--> : file inclusion
  <!--#exec cmd="ls -l"--> : inclusion of the result of a command
  <!--#if expr="..." --> : conditional display

The "exec" directive runs a command on the server, so it is potentially dangerous.

In Tomcat, however, enabling the SSI feature also enables the "exec" directive, so an attacker who is allowed to upload a malicious page can execute commands on the server.
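To illustrate the directive syntax above and the check a defender would run on uploaded content, here is an added example (not code from the bulletin or from the Tomcat project): a small SSI directive parser that lists every directive in an HTML file and flags the "exec" ones, so an upload can be rejected or an existing document root audited. It assumes uploads are plain HTML files that can be scanned before being stored; the sample page is constructed.

```python
import re

# One SSI directive: <!--#name attr="value" attr2='value' -->
# Case and whitespace are tolerated, since the server itself tolerates them.
SSI_DIRECTIVE = re.compile(r"<!--#\s*(?P<name>[A-Za-z]+)(?P<attrs>.*?)-->", re.DOTALL)
# One attribute inside a directive, with either quote style.
SSI_ATTR = re.compile(r"(?P<key>\w+)\s*=\s*(?P<q>[\"'])(?P<val>.*?)(?P=q)", re.DOTALL)

# Directives that execute something on the server rather than include/evaluate.
EXEC_DIRECTIVES = {"exec"}


def parse_ssi(html):
    """Return [(directive_name, {attr: value}), ...] for every SSI tag in html."""
    found = []
    for m in SSI_DIRECTIVE.finditer(html):
        attrs = {a.group("key").lower(): a.group("val")
                 for a in SSI_ATTR.finditer(m.group("attrs"))}
        found.append((m.group("name").lower(), attrs))
    return found


def find_exec_directives(html):
    """Return only the directives that would run a command if SSI is enabled."""
    return [(name, attrs) for name, attrs in parse_ssi(html) if name in EXEC_DIRECTIVES]


def is_safe_upload(html):
    """True when the document contains no exec directive (include/if/etc. are allowed)."""
    return not find_exec_directives(html)


# Constructed sample: an ordinary page plus two differently formatted exec tags.
SAMPLE_PAGE = """<html><body>
<!--#include file="header.html" -->
<!--#if expr="${HTTP_USER_AGENT} = /Mozilla/" -->Hello<!--#endif -->
<!--#exec cmd="ls -l" -->
<!--#EXEC   cmd = 'ls -l'   -->
</body></html>"""

if __name__ == "__main__":
    for name, attrs in parse_ssi(SAMPLE_PAGE):
        print(name, attrs, "<-- REJECT" if name in EXEC_DIRECTIVES else "")
    print("safe:", is_safe_upload(SAMPLE_PAGE))  # prints "safe: False"
```

Tomcat's own fix for bug 48960 gates the directive behind the SSI servlet's and filter's allowExec init parameter, which defaults to false; a content check like this one is defence in depth for servers where users can write into the document root.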

Characteristics

Title: Apache Tomcat: command execution via SSI.
Keywords: Apache HTML Includes SSI Server Side Tomcat command execution.
Identifiers: 48960, VIGILANCE-VUL-9783.

Information sources

Publications and announcements
Source example: Bug 48960 - SSI Servlet should support safe configuration

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française