

PCI Compliance Vulnerability

Posted on 2009-12-22
Medium Priority
Last Modified: 2013-12-02
The remote host is running a vulnerable version of Apache Tomcat. A RequestDispatcher API is vulnerable to a directory traversal attack. This could allow an attacker to view files outside of the web application's root.


Remediation Action: Upgrade to versions 6.0.20/4.1.SVN or later or apply the patches referenced in the vendor advisory.

Threat: Med


What is the solution for this?
Question by: akgautham
LVL 57

Accepted Solution

giltjr earned 500 total points
ID: 26114037
Umm, the remote host needs to either upgrade to the versions listed or apply the patches referenced in the vendor's advisory.

What don't you understand?

LVL 26

Assisted Solution

arober11 earned 500 total points
ID: 26131693
Note section 6.1 of the PCI-DSS regs requires you to apply vendor-released security patches within a month of release. So to be compliant / pass an audit (avoid a fine) you must have a documented procedure in place that tasks someone / a group with checking for, downloading, evaluating, testing and scheduling the application of vendor security patches.

Judging by the tags above, you should be subscribing to the Announce email lists for Apache HTTP, Tomcat, Sun Java and whatever OS, firewall and DB you run. These will detail the release of any new security patches.

To catch up, have a look at the appropriate vendor pages and see what you are vulnerable to, e.g. http://tomcat.apache.org/security-6.html
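As an added example (not code from either answer above), here is a small Python check that reads a Tomcat server.info string, as stored in catalina.jar's ServerInfo.properties, and compares it against the fixed releases named in the scanner finding. The branch table, the result labels and the sample version strings are my assumptions, taken only from the finding's remediation text.

```python
"""Check a Tomcat server.info string against the remediation in the finding."""
import re
import sys
import zipfile
from typing import Optional

# Minimum fixed release per branch, taken from the finding's remediation text.
# 4.1 had no fixed release at the time (the finding says "4.1.SVN"), so any
# 4.1.x install needs the vendor patch applied rather than an upgrade.
MIN_FIXED = {"6": (6, 0, 20)}
PATCH_ONLY_BRANCHES = {"4.1"}

_VER_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")


def parse_version(server_info: str) -> Optional[tuple]:
    """Turn 'Apache Tomcat/6.0.18' into (6, 0, 18); None if unrecognised."""
    m = _VER_RE.search(server_info)
    return tuple(int(x) for x in m.groups()) if m else None


def assess(server_info: str) -> str:
    """Return 'fixed', 'vulnerable', 'patch-required' or 'unknown'."""
    ver = parse_version(server_info)
    if ver is None:
        return "unknown"
    major, minor, _ = ver
    if f"{major}.{minor}" in PATCH_ONLY_BRANCHES:
        return "patch-required"
    floor = MIN_FIXED.get(str(major))
    if floor is None:
        return "unknown"  # branch not covered by the finding's text; check the advisory
    return "fixed" if ver >= floor else "vulnerable"


def version_from_catalina_jar(jar_path: str) -> str:
    """Read server.info from the ServerInfo.properties bundled in catalina.jar."""
    with zipfile.ZipFile(jar_path) as jar:
        props = jar.read("org/apache/catalina/util/ServerInfo.properties").decode()
    for line in props.splitlines():
        if line.startswith("server.info="):
            return line.split("=", 1)[1].strip()
    raise ValueError("server.info not found in " + jar_path)


if __name__ == "__main__":
    # Constructed sample: pass a catalina.jar path or a server.info string.
    target = sys.argv[1] if len(sys.argv) > 1 else "Apache Tomcat/6.0.18"
    info = version_from_catalina_jar(target) if target.endswith(".jar") else target
    print(info, "->", assess(info))
```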
