4.3
CVSSv2

CVE-2009-2902

Published: 28/01/2010 Updated: 21/11/2024

Vulnerability Summary

Apache Tomcat Directory Traversal Exploit Allows File Deletion

A directory traversal vulnerability is found in Apache Tomcat versions 5.5.0 to 5.5.28 and 6.0.0 to 6.0.20. This issue lets remote attackers remove files in the work directory. They use directory traversal sequences in a WAR filename to do this. For example, they might use a ...war filename.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 5.5.0

apache tomcat 5.5.1

apache tomcat 5.5.2

apache tomcat 5.5.3

apache tomcat 5.5.4

apache tomcat 5.5.5

apache tomcat 5.5.6

apache tomcat 5.5.7

apache tomcat 5.5.8

apache tomcat 5.5.9

apache tomcat 5.5.10

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.13

apache tomcat 5.5.14

apache tomcat 5.5.15

apache tomcat 5.5.16

apache tomcat 5.5.17

apache tomcat 5.5.18

apache tomcat 5.5.19

apache tomcat 5.5.20

apache tomcat 5.5.21

apache tomcat 5.5.22

apache tomcat 5.5.23

apache tomcat 5.5.24

apache tomcat 5.5.25

apache tomcat 5.5.26

apache tomcat 5.5.27

apache tomcat 5.5.28

apache tomcat 6.0

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 6.0.2

apache tomcat 6.0.3

apache tomcat 6.0.4

apache tomcat 6.0.5

apache tomcat 6.0.6

apache tomcat 6.0.7

apache tomcat 6.0.8

apache tomcat 6.0.9

apache tomcat 6.0.10

apache tomcat 6.0.11

apache tomcat 6.0.12

apache tomcat 6.0.13

apache tomcat 6.0.14

apache tomcat 6.0.15

apache tomcat 6.0.16

apache tomcat 6.0.17

apache tomcat 6.0.18

apache tomcat 6.0.19

apache tomcat 6.0.20

Vendor Advisories

It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted ...
Synopsis Low: JBoss Enterprise Web Server 101 update Type/Severity Security Advisory: Low Topic JBoss Enterprise Web Server 101 is now available for Red Hat EnterpriseLinux 4 and 5This update has been rated as having low security impact by the Red HatSecurity Response Team Description ...
Synopsis Important: tomcat5 security update Type/Severity Security Advisory: Important Topic Updated tomcat5 packages that fix three security issues are now availablefor Red Hat Application Server v2The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerab ...
Synopsis Important: tomcat5 security update Type/Severity Security Advisory: Important Topic Updated tomcat5 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerab ...