4.3
CVSSv2

CVE-2009-2902

Published: 28/01/2010 Updated: 25/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Directory traversal vulnerability in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20 allows remote malicious users to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 5.5.25

apache tomcat 5.5.10

apache tomcat 5.5.5

apache tomcat 5.5.4

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.21

apache tomcat 5.5.19

apache tomcat 6.0.9

apache tomcat 5.5.27

apache tomcat 5.5.9

apache tomcat 5.5.15

apache tomcat 5.5.18

apache tomcat 6.0.11

apache tomcat 5.5.1

apache tomcat 5.5.28

apache tomcat 5.5.26

apache tomcat 6.0.15

apache tomcat 5.5.22

apache tomcat 6.0.10

apache tomcat 5.5.3

apache tomcat 6.0.17

apache tomcat 6.0

apache tomcat 6.0.0

apache tomcat 6.0.14

apache tomcat 5.5.2

apache tomcat 6.0.1

apache tomcat 6.0.12

apache tomcat 5.5.24

apache tomcat 6.0.18

apache tomcat 5.5.16

apache tomcat 6.0.5

apache tomcat 5.5.17

apache tomcat 6.0.2

apache tomcat 6.0.13

apache tomcat 6.0.16

apache tomcat 6.0.6

apache tomcat 5.5.14

apache tomcat 5.5.7

apache tomcat 6.0.7

apache tomcat 6.0.4

apache tomcat 5.5.6

apache tomcat 5.5.20

apache tomcat 6.0.20

apache tomcat 6.0.3

apache tomcat 5.5.0

apache tomcat 5.5.13

apache tomcat 5.5.8

apache tomcat 5.5.23

apache tomcat 6.0.19

apache tomcat 6.0.8

Vendor Advisories

Synopsis Important: tomcat5 security update Type/Severity Security Advisory: Important Topic Updated tomcat5 packages that fix three security issues are now availablefor Red Hat Application Server v2The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerab ...
Synopsis Low: JBoss Enterprise Web Server 101 update Type/Severity Security Advisory: Low Topic JBoss Enterprise Web Server 101 is now available for Red Hat EnterpriseLinux 4 and 5This update has been rated as having low security impact by the Red HatSecurity Response Team Description ...
Synopsis Important: tomcat5 security update Type/Severity Security Advisory: Important Topic Updated tomcat5 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerab ...
It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted ...
VMSA-2011-00032 VMware Security Advisory   VMware Security Advisory Advisory ID: VMSA-2011-00032 VMware Security Advisory Synopsis: Third p ...

References

CWE-22http://secunia.com/advisories/38316http://securitytracker.com/id?1023504http://www.securityfocus.com/bid/37945http://svn.apache.org/viewvc?rev=892815&view=revhttp://www.vupen.com/english/advisories/2010/0213http://tomcat.apache.org/security-5.htmlhttp://secunia.com/advisories/38346http://tomcat.apache.org/security-6.htmlhttp://svn.apache.org/viewvc?rev=902650&view=revhttp://secunia.com/advisories/38541http://ubuntu.com/usn/usn-899-1http://secunia.com/advisories/38687http://www.redhat.com/support/errata/RHSA-2010-0119.htmlhttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://support.apple.com/kb/HT4077http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlhttp://secunia.com/advisories/39317http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113http://secunia.com/advisories/40330http://www.vupen.com/english/advisories/2010/1559http://www.redhat.com/support/errata/RHSA-2010-0580.htmlhttp://secunia.com/advisories/40813http://www.redhat.com/support/errata/RHSA-2010-0582.htmlhttp://www.vupen.com/english/advisories/2010/1986http://www.mandriva.com/security/advisories?name=MDVSA-2010:177http://www.mandriva.com/security/advisories?name=MDVSA-2010:176http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlhttp://secunia.com/advisories/43310http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlhttp://www.debian.org/security/2011/dsa-2207http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.htmlhttp://lists.opensuse.org/opensuse-updates/2012-12/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00037.htmlhttp://marc.info/?l=bugtraq&m=136485229118404&w=2http://marc.info/?l=bugtraq&m=139344343412337&w=2http://secunia.com/advisories/57126http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=127420533226623&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/55857https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7092https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431http://www.securityfocus.com/archive/1/516397/100/0/threadedhttp://www.securityfocus.com/archive/1/509150/100/0/threadedhttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2010:0582https://nvd.nist.govhttps://usn.ubuntu.com/899-1/https://www.securityfocus.com/bid/37945