5
CVSSv2

CVE-2008-2370

Published: 04/08/2008 Updated: 21/11/2024

Vulnerability Summary

Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote malicious users to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 4.1.0

apache tomcat 4.1.1

apache tomcat 4.1.2

apache tomcat 4.1.3

apache tomcat 4.1.4

apache tomcat 4.1.5

apache tomcat 4.1.6

apache tomcat 4.1.7

apache tomcat 4.1.8

apache tomcat 4.1.9

apache tomcat 4.1.10

apache tomcat 4.1.11

apache tomcat 4.1.12

apache tomcat 4.1.13

apache tomcat 4.1.14

apache tomcat 4.1.15

apache tomcat 4.1.16

apache tomcat 4.1.17

apache tomcat 4.1.18

apache tomcat 4.1.19

apache tomcat 4.1.20

apache tomcat 4.1.21

apache tomcat 4.1.22

apache tomcat 4.1.23

apache tomcat 4.1.24

apache tomcat 4.1.25

apache tomcat 4.1.26

apache tomcat 4.1.27

apache tomcat 4.1.28

apache tomcat 4.1.29

apache tomcat 4.1.30

apache tomcat 4.1.31

apache tomcat 4.1.32

apache tomcat 4.1.33

apache tomcat 4.1.34

apache tomcat 4.1.35

apache tomcat 4.1.36

apache tomcat 4.1.37

apache tomcat 5.5.0

apache tomcat 5.5.1

apache tomcat 5.5.2

apache tomcat 5.5.3

apache tomcat 5.5.4

apache tomcat 5.5.5

apache tomcat 5.5.6

apache tomcat 5.5.7

apache tomcat 5.5.8

apache tomcat 5.5.9

apache tomcat 5.5.10

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.13

apache tomcat 5.5.14

apache tomcat 5.5.15

apache tomcat 5.5.16

apache tomcat 5.5.17

apache tomcat 5.5.18

apache tomcat 5.5.19

apache tomcat 5.5.20

apache tomcat 5.5.21

apache tomcat 5.5.22

apache tomcat 5.5.23

apache tomcat 5.5.24

apache tomcat 5.5.25

apache tomcat 5.5.26

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 6.0.2

apache tomcat 6.0.3

apache tomcat 6.0.4

apache tomcat 6.0.5

apache tomcat 6.0.6

apache tomcat 6.0.7

apache tomcat 6.0.8

apache tomcat 6.0.9

apache tomcat 6.0.10

apache tomcat 6.0.11

apache tomcat 6.0.12

apache tomcat 6.0.13

apache tomcat 6.0.14

apache tomcat 6.0.15

apache tomcat 6.0.16

Vendor Advisories

Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic Updated tomcat packages that fix multiple security issues are now availablefor Red Hat Developer Suite 3This update has been rated as having important security impact by the RedHat Security Response Team D ...
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic Updated tomcat packages that fix several security issues are now availablefor Red Hat Application Server v2This update has been rated as having important security impact by the RedHat Security Response Team ...
Synopsis Low: tomcat security update for Red Hat Network Satellite Server Type/Severity Security Advisory: Low Topic Updated tomcat packages that fix multiple security issues are now availablefor Red Hat Network Satellite ServerThis update has been rated as having low security impact by the RedHat Security ...
Synopsis Important: jbossweb security update Type/Severity Security Advisory: Important Topic An updated jbossweb package that fixes various security issues is nowavailable for JBoss Enterprise Application Platform (JBoss EAP) 42 and43This update has been rated as having important security impact by the ...

Exploits

source: wwwsecurityfocuscom/bid/30494/info Apache Tomcat is prone to a remote information-disclosure vulnerability Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server Information obtained may lead to further attacks The following versions are affected: Tomcat 410 through 4137 To ...