Tomcat Directory Traversal Vulnerability
Are Academus 2.0 and 2.1 affected by the Tomcat Directory Traversal Vulnerability as described in http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0167.html?
No, Academus as delivered by Unicon is not impacted by this vulnerability.
While you can jump web contexts with the version of tomcat shipped with Academus 2.0 (5.0.28) as described in the above-linked page, Academus does not include any web applications that are not meant for portal users to access. Specifically, the manager web application is not deployed. If you have added that or any other web applications to your Academus Tomcat instance, we suggest taking care to restrict access to them or hosting them elsewhere in an unaffected Tomcat version.
Academus 2.0 and 2.1 as delivered include a Tomcat server version afflicted by the Tomcat Directory Traversal Vulnerability, but that vulnerability does not result in illicit access to the applications specifically included in the Academus product.
