CVE-2021-24122 Apache Tomcat Information Disclosure (14th Jan 2021)

Synopsis:
What is a reparse point? According to Microsoft's official documentation, the NTFS file system has a concept called a “reparse point”. Traditional NTFS junctions and Windows 10 “Unix-like” symlinks are two different kinds of reparse points.
Starting in Windows 10, version 1607, for the Unicode version of this function (FindFirstFileW), you can opt in to remove the MAX_PATH character limitation without prepending “\\?\”.

Vulnerability details: The design weakness affects the function File.getCanonicalPath of the NTFS file system handler component. Manipulation with an unknown input leads to a source code disclosure vulnerability. For details, see the attached diagram.

Vendor announcement: http://mail-archives.us.apache.org/mod_mbox/www-announce/202101.mbox/%3Cf3765f21-969d-7f21-e34a-efc106175373%40apache.org%3E

Fixed in:
– 10.0.x for 10.0.0-M10 onwards
– 9.0.x for 9.0.40 onwards
– 8.5.x for 8.5.60 onwards
– 7.0.x for 7.0.107 onwards
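
To check an inventory against the fixed-in list above, the following added example (not from the vendor announcement or the Tomcat project) classifies a version string per release branch, including milestone builds such as 10.0.0-M9. The function names and the `Apache Tomcat/<version>` banner form it parses are assumptions of this example.

```python
import re

# Fixed-in releases, copied from the list above and keyed by release branch.
FIXED_IN = {"10.0": "10.0.0-M10", "9.0": "9.0.40", "8.5": "8.5.60", "7.0": "7.0.107"}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?")
# Assumed banner form: "Apache Tomcat/<version>" somewhere in the line.
BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:-M\d+)?)")


def sort_key(version):
    """Turn '9.0.40' or '10.0.0-M10' into a tuple that orders correctly."""
    m = VERSION_RE.fullmatch(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    # A milestone build (-M9) sorts before the final release with the same
    # numbers, so milestones get rank 0 and final releases rank 1.
    if m.group(4) is not None:
        return (major, minor, patch, 0, int(m.group(4)))
    return (major, minor, patch, 1, 0)


def assess(version):
    """Return 'fixed', 'unfixed', or 'unlisted' (branch not in the list)."""
    key = sort_key(version)
    fixed = FIXED_IN.get(f"{key[0]}.{key[1]}")
    if fixed is None:
        return "unlisted"
    return "fixed" if key >= sort_key(fixed) else "unfixed"


def assess_banner(line):
    """Assess a line containing an 'Apache Tomcat/<version>' banner."""
    m = BANNER_RE.search(line)
    if m is None:
        raise ValueError("no 'Apache Tomcat/<version>' banner in line")
    return assess(m.group(1))


if __name__ == "__main__":
    # Constructed sample inventory lines, not taken from a real host.
    for line in ("Server version: Apache Tomcat/9.0.39",
                 "Server version: Apache Tomcat/10.0.0-M10",
                 "Server version: Apache Tomcat/8.0.53"):
        print(f"{assess_banner(line):8}  {line}")
```

A result of `unlisted` means the branch does not appear in the list above, so this check says nothing about it either way.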
