Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-2938

Published: 13/08/2008 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 520
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Apache

Vulnerability Summary

Directory traversal vulnerability in Apache Tomcat 4.1.0 up to and including 4.1.37, 5.5.0 up to and including 5.5.26, and 6.0.0 up to and including 6.0.16, when allowLinking and UTF-8 are enabled, allows remote malicious users to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat

Vendor Advisories

Red Hat: Important: tomcat security update
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic Updated tomcat packages that fix multiple security issues are now availablefor Red Hat Developer Suite 3This update has been rated as having important security impact by the RedHat Security Response Team D ...
Red Hat: Important: tomcat security update
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic Updated tomcat packages that fix several security issues are now availablefor Red Hat Application Server v2This update has been rated as having important security impact by the RedHat Security Response Team ...
Red Hat: Important: jbossweb security update
Synopsis Important: jbossweb security update Type/Severity Security Advisory: Important Topic An updated jbossweb package that fixes various security issues is nowavailable for JBoss Enterprise Application Platform (JBoss EAP) 42 and43This update has been rated as having important security impact by the ...
Red Hat: Low: tomcat security update for Red Hat Network Satellite Server
Synopsis Low: tomcat security update for Red Hat Network Satellite Server Type/Severity Security Advisory: Low Topic Updated tomcat packages that fix multiple security issues are now availablefor Red Hat Network Satellite ServerThis update has been rated as having low security impact by the RedHat Security ...

Exploits

Exploit DB: Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal
/*Apache Tomcat &lt; 6018 UTF8 Directory Traversal Vulnerability get /etc/passwd Exploit c0d3r: mywisdom thanks for not being lame to change exploit author tis is one of my linux w0rm module for user enumerations, i've dual os worm thanks to: gunslinger,flyf666,petimati,kiddies,xtr0nic,c0mrade,n0te,v3n0m,iblis muda,cr4wl3r thanks to: isa m said, ...
Exploit DB: Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeo(bar4mi (at) gmailcom, barami (at) ahnlabcom) Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6018 Solution: - Best Choice: Upgrade to 6018 (tomcatapacheorg) - Hot fix: Disable allowLinking or do not set URIencoding to utf8 in order ...
Exploit DB: Oracle Containers For Java Traversal
The Oracle Containers For Java (OC4J) in the Oracle Application Server 10g suffers from a directory traversal vulnerability ...
Exploit DB: ToutVirtual VirtualIQ Pro XSS / XSRF / Execution
ToutVirtual VirtualIQ Pro version 32 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities ...
Exploit DB: tomcat-traverse.txt
Apache Tomcat versions prior to 6018 suffer from a directory traversal vulnerability ...
Exploit DB: TrendMicro Data Loss Prevention 5.5 Directory Traversal
This module tests whether a directory traversal vulnerability is present in Trend Micro DLP (Data Loss Prevention) Appliance v55 build &lt;= 1294 The vulnerability appears to be actually caused by the Tomcat UTF-8 bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938 This module simply tests for t ...
Exploit DB: TrendMicro Data Loss Prevention 5.5 Directory Traversal
This module tests whether a directory traversal vulnerability is present in Trend Micro DLP (Data Loss Prevention) Appliance v55 build &lt;= 1294 The vulnerability appears to be actually caused by the Tomcat UTF-8 bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938 This module simply tests for t ...

Metasploit Modules

TrendMicro Data Loss Prevention 5.5 Directory Traversal

This module tests whether a directory traversal vulnerability is present in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build <= 1294. The vulnerability appears to be actually caused by the Tomcat UTF-8 bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938. This module simply tests for the same bug with Trend Micro specific settings. Note that in the Trend Micro appliance, /etc/shadow is not used and therefore password hashes are stored and anonymously accessible in the passwd file.

msf > use auxiliary/admin/http/trendmicro_dlp_traversal
msf auxiliary(trendmicro_dlp_traversal) > show actions
    ...actions...
msf auxiliary(trendmicro_dlp_traversal) > set ACTION < action-name >
msf auxiliary(trendmicro_dlp_traversal) > show options
    ...show and set options...
msf auxiliary(trendmicro_dlp_traversal) > run
TrendMicro Data Loss Prevention 5.5 Directory Traversal

This module tests whether a directory traversal vulnerability is present in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build <= 1294. The vulnerability appears to be actually caused by the Tomcat UTF-8 bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938. This module simply tests for the same bug with Trend Micro specific settings. Note that in the Trend Micro appliance, /etc/shadow is not used and therefore password hashes are stored and anonymously accessible in the passwd file.

msf > use auxiliary/admin/http/trendmicro_dlp_traversal
msf auxiliary(trendmicro_dlp_traversal) > show actions
    ...actions...
msf auxiliary(trendmicro_dlp_traversal) > set ACTION < action-name >
msf auxiliary(trendmicro_dlp_traversal) > show options
    ...show and set options...
msf auxiliary(trendmicro_dlp_traversal) > run

Github Repositories

https://github.com/Naramsim/Offensive

Reproducible exploits for: CVE-2016-1240 CVE-2008-2938 CVE-2014-2064 CVE-2014-1904

Offensive technologies course This repository contains descriptions of several vulnerabilities and the code that exploits them Exploitable environments can be found in /dockerfiles/victim folder Attacker environments can be found in /dockerfiles/attacker folder Everything comes as Docker images Exploited CVEs: CVE-2008-2938 (Tomcat path traversal) CVE-2014-1904 (Spring pat

References

CWE-22http://tomcat.apache.org/security-6.htmlhttp://www.securityfocus.com/bid/30633http://www.redhat.com/support/errata/RHSA-2008-0648.htmlhttp://www.kb.cert.org/vuls/id/343355http://secunia.com/advisories/31639http://www.securitytracker.com/id?1020665http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:188https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.htmlhttp://secunia.com/advisories/31891https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.htmlhttp://secunia.com/advisories/31865https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0862.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0864.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://www.securityfocus.com/bid/31681http://support.apple.com/kb/HT3216http://secunia.com/advisories/32222http://support.avaya.com/elmodocs2/security/ASA-2008-401.htmhttp://securityreason.com/securityalert/4148http://secunia.com/advisories/31982http://marc.info/?l=bugtraq&m=123376588623823&w=2http://secunia.com/advisories/33797http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/32120http://secunia.com/advisories/32266http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txthttp://secunia.com/advisories/37297http://www.vupen.com/english/advisories/2009/0320http://www.vupen.com/english/advisories/2008/2823http://www.vupen.com/english/advisories/2008/2343http://www.vupen.com/english/advisories/2008/2780https://exchange.xforce.ibmcloud.com/vulnerabilities/44411https://www.exploit-db.com/exploits/6229https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587http://www.securityfocus.com/archive/1/507729/100/0/threadedhttp://www.securityfocus.com/archive/1/495318/100/0/threadedhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2008:0864https://github.com/Naramsim/Offensivehttps://www.exploit-db.com/exploits/14489/https://www.kb.cert.org/vuls/id/343355
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook