Apache Tomcat is a popular open-source JSP application server. Apache Tomcat 9.0.0.M1–9.0.0.M20, 8.5.0–8.5.14, 8.0.0.RC1–8.0.43, and 7.0.0–7.0.77 have a flaw in the error page implementation, which can produce unexpected results depending on the source request.
The vulnerability is described in more detail below.
Apache Tomcat security policy bypass vulnerability
An attacker can exploit this vulnerability by constructing malicious requests that result in file deletion. For example, if DefaultServlet is writable, custom error pages may be replaced or removed.
Affected versions (condition of exploitation)
- Apache Group Tomcat 9.0.0.M1-9.0.0.M20
- Apache Group Tomcat 8.5.0-8.5.14
- Apache Group Tomcat 8.0.0.RC1-8.0.43
- Apache Group Tomcat 7.0.0-7.0.77
How to fix or mitigate
The vendor has released fixed versions. Download the latest version from the vendor's website.
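As an added example (not part of this advisory and not Apache Tomcat code), the Python script below performs the two checks a defender would want after reading this page: whether a Tomcat version string falls inside the affected ranges listed above, and whether a conf/web.xml (or a web application's WEB-INF/web.xml) declares DefaultServlet with the readonly init-param set to false, which is the Tomcat setting that makes the servlet writable. The affected ranges are taken from the advisory; the readonly parameter name and its default of true come from Tomcat's documentation rather than from this page; the web.xml fragments are constructed samples.

```python
"""Defender-side checks for the Tomcat error-page / DefaultServlet issue.

Added example, not part of the advisory or of Apache Tomcat. Assumptions:
the affected ranges are copied from the advisory; the DefaultServlet
``readonly`` init-param is Tomcat's switch for PUT/DELETE (default true).
"""
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as listed in the advisory (inclusive bounds).
AFFECTED_RANGES = [
    ("9.0.0.M1", "9.0.0.M20"),
    ("8.5.0", "8.5.14"),
    ("8.0.0.RC1", "8.0.43"),
    ("7.0.0", "7.0.77"),
]

# major.minor.patch with an optional milestone (M) or release-candidate (RC) tag.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-](M|RC)(\d+))?$")
_PRE_RANK = {"M": 0, "RC": 1}  # pre-releases sort before the final build (rank 2)


def version_key(version):
    """Turn '8.0.0.RC1' / '9.0.0.M20' / '8.5.14' into a sortable tuple."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % version)
    major, minor, patch, tag, num = m.groups()
    rank = _PRE_RANK[tag] if tag else 2
    return (int(major), int(minor), int(patch), rank, int(num or 0))


def is_affected_version(version):
    """True if the version falls inside any advisory range (inclusive)."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def _local(tag):
    # web.xml carries a default namespace; compare on the local element name only.
    return tag.rsplit("}", 1)[-1]


def default_servlet_writable(web_xml_text):
    """True if a DefaultServlet declaration sets readonly=false (writable).

    A missing readonly param means Tomcat's default, which is read-only.
    """
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-class"), "")
        if cls.strip() != "org.apache.catalina.servlets.DefaultServlet":
            continue
        for init in servlet:
            if _local(init.tag) != "init-param":
                continue
            params = {_local(c.tag): (c.text or "").strip() for c in init}
            if params.get("param-name") == "readonly" and params.get("param-value", "").lower() == "false":
                return True
    return False


def sample_web_xml(extra_init_param):
    """Constructed conf/web.xml fragment; extra_init_param is an init-param element or ''."""
    return """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    %s
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
""" % extra_init_param


# Constructed samples: one with the DefaultServlet made writable, one left at the default.
WRITABLE_WEB_XML = sample_web_xml(
    "<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>")
SAFE_WEB_XML = sample_web_xml("")


def assess(version, web_xml_text):
    """Combine both checks into a list of findings (empty list means nothing to fix)."""
    findings = []
    if is_affected_version(version):
        findings.append("Tomcat %s is inside an affected range: upgrade" % version)
    if default_servlet_writable(web_xml_text):
        findings.append("DefaultServlet readonly=false: custom error pages can be replaced or removed")
    return findings


if __name__ == "__main__":
    for finding in assess("8.5.14", WRITABLE_WEB_XML):
        print("FINDING:", finding)
```

Run it against the real version string from the Tomcat banner and the contents of conf/web.xml plus each deployed application's WEB-INF/web.xml; an application-level web.xml can enable readonly=false even when the global one does not, so both should be checked.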