Vulnerabilities > CVE-2008-2370 - Path Traversal vulnerability in Apache Tomcat

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
apache
CWE-22
nessus
exploit available

Summary

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Vulnerable Configurations

Part Description Count
Application
Apache
82

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Exploit-Db

descriptionApache Tomcat 6.0.16 'RequestDispatcher' Information Disclosure Vulnerability. CVE-2008-2370. Remote exploits for multiple platform
idEDB-ID:32137
last seen2016-02-03
modified2008-08-01
published2008-08-01
reporterStefano Di Paola
sourcehttps://www.exploit-db.com/download/32137/
titleApache Tomcat <= 6.0.16 - 'RequestDispatcher' Information Disclosure Vulnerability

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-188.NASL
    descriptionA number of vulnerabilities have been discovered in the Apache Tomcat server : The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files (CVE-2007-5342). A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232). A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947). A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially crafted request parameter to access protected web resources (CVE-2008-2370). A traversal vulnerability was found when the
    last seen2020-06-01
    modified2020-06-02
    plugin id36926
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36926
    titleMandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188)
  • NASL familyWeb Servers
    NASL idTOMCAT_4_1_39.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.39. It is, therefore, affected by one or more of the following vulnerabilities : - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSSO cookie does not have the
    last seen2020-03-18
    modified2010-06-11
    plugin id46867
    published2010-06-11
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46867
    titleApache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WEBSPHERE-AS_CE-5850.NASL
    descriptionWebsphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)
    last seen2020-06-01
    modified2020-06-02
    plugin id41596
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41596
    titleSuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog
    last seen2020-06-01
    modified2020-06-02
    plugin id34374
    published2008-10-10
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34374
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-007)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-8130.NASL
    description - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597 - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34227
    published2008-09-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34227
    titleFedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-1007.NASL
    descriptionUpdated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271) Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update to these Tomcat packages which resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43842
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43842
    titleRHEL 4 : tomcat in Satellite Server (RHSA-2008:1007)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0648.NASL
    descriptionFrom Red Hat Security Advisory 2008:0648 : Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen2020-06-01
    modified2020-06-02
    plugin id67733
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67733
    titleOracle Linux 5 : tomcat (ELSA-2008-0648)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL9110.NASL
    descriptionApache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files through a .. (dot dot) in a request parameter.
    last seen2020-06-01
    modified2020-06-02
    plugin id78226
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78226
    titleF5 Networks BIG-IP : Apache Tomcat information disclosure vulnerability (SOL9110)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0002.NASL
    descriptiona. Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 Update for VirtualCenter and ESX patch update the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1232, CVE-2008-1947 and CVE-2008-2370 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42178
    published2009-10-19
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42178
    titleVMSA-2009-0002 : VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-7977.NASL
    descriptionThis release fixes several security-related issues. In addition, this release fixes several user-reported problems related to the startup scripts and file layout. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34185
    published2008-09-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34185
    titleFedora 9 : tomcat6-6.0.18-1.1.fc9 (2008-7977)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0648.NASL
    descriptionUpdated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen2020-06-01
    modified2020-06-02
    plugin id34057
    published2008-08-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34057
    titleRHEL 5 : tomcat (RHSA-2008:0648)
  • NASL familyWeb Servers
    NASL idTOMCAT_6_0_18.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.18. It is, therefore, affected by multiple vulnerabilities : - The remote Apache Tomcat installation is affected by a cross-site scripting vulnerability in the HttpServletResponse.sendError method due to improper validation of user-supplied input to the
    last seen2020-03-18
    modified2010-07-01
    plugin id47578
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47578
    titleApache Tomcat < 6.0.18 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0648.NASL
    descriptionUpdated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen2020-06-01
    modified2020-06-02
    plugin id43703
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43703
    titleCentOS 5 : tomcat5 (CESA-2008:0648)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080827_TOMCAT_ON_SL5_X.NASL
    descriptionA cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen2020-06-01
    modified2020-06-02
    plugin id60470
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60470
    titleScientific Linux Security Update : tomcat on SL5.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0877.NASL
    descriptionAn updated jbossweb package that fixes various security issues is now available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and 4.3. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Web Server (jbossweb) is an enterprise ready web server designed for medium and large applications, is based on Apache Tomcat, and is embedded into JBoss Application Server. It provides organizations with a single deployment platform for JavaServer Pages (JSP) and Java Servlet technologies, Microsoft(r) .NET, PHP, and CGI. A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen2020-06-01
    modified2020-06-02
    plugin id63868
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63868
    titleRHEL 4 / 5 : jbossweb (RHSA-2008:0877)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-8113.NASL
    description - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34226
    published2008-09-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34226
    titleFedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113)

Oval

  • accepted2013-04-29T04:06:49.702-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionApache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
    familyunix
    idoval:org.mitre.oval:def:10577
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleApache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
    version18
  • accepted2009-04-06T04:00:13.554-04:00
    classvulnerability
    contributors
    namePai Peng
    organizationHewlett-Packard
    definition_extensions
    • commentSolaris 9 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1457
    • commentSolaris 10 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1440
    • commentSolaris 9 (x86) is installed
      ovaloval:org.mitre.oval:def:1683
    • commentSolaris 10 (x86) is installed
      ovaloval:org.mitre.oval:def:1926
    descriptionApache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
    familyunix
    idoval:org.mitre.oval:def:5876
    statusaccepted
    submitted2009-02-26T10:58:29.000-05:00
    titleSecurity vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Directory Traversal.
    version35

Redhat

advisories
  • rhsa
    idRHSA-2008:0648
  • rhsa
    idRHSA-2008:0862
  • rhsa
    idRHSA-2008:0864
rpms
  • tomcat5-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-0:5.5.23-0jpp_4rh.9
  • tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9
  • tomcat5-common-lib-0:5.5.23-0jpp_4rh.9
  • tomcat5-jasper-0:5.5.23-0jpp_4rh.9
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-server-lib-0:5.5.23-0jpp_4rh.9
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-webapps-0:5.5.23-0jpp_4rh.9
  • tomcat5-0:5.5.23-0jpp_12rh
  • tomcat5-common-lib-0:5.5.23-0jpp_12rh
  • tomcat5-jasper-0:5.5.23-0jpp_12rh
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh
  • tomcat5-server-lib-0:5.5.23-0jpp_12rh
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh
  • jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4
  • jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5
  • tomcat5-0:5.0.30-0jpp_12rh
  • ant-0:1.6.5-1jpp_1rh
  • avalon-logkit-0:1.2-2jpp_4rh
  • axis-0:1.2.1-1jpp_3rh
  • classpathx-jaf-0:1.0-2jpp_6rh
  • classpathx-mail-0:1.1.1-2jpp_8rh
  • geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-specs-0:1.0-0.M4.1jpp_10rh
  • geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh
  • jakarta-commons-modeler-0:2.0-3jpp_2rh
  • log4j-0:1.2.12-1jpp_1rh
  • mx4j-1:3.0.1-1jpp_4rh
  • pcsc-lite-0:1.3.3-3.el4
  • pcsc-lite-debuginfo-0:1.3.3-3.el4
  • pcsc-lite-doc-0:1.3.3-3.el4
  • pcsc-lite-libs-0:1.3.3-3.el4
  • rhpki-ca-0:7.3.0-20.el4
  • rhpki-java-tools-0:7.3.0-10.el4
  • rhpki-kra-0:7.3.0-14.el4
  • rhpki-manage-0:7.3.0-19.el4
  • rhpki-native-tools-0:7.3.0-6.el4
  • rhpki-ocsp-0:7.3.0-13.el4
  • rhpki-tks-0:7.3.0-13.el4
  • tomcat5-0:5.5.23-0jpp_4rh.16
  • tomcat5-common-lib-0:5.5.23-0jpp_4rh.16
  • tomcat5-jasper-0:5.5.23-0jpp_4rh.16
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16
  • tomcat5-server-lib-0:5.5.23-0jpp_4rh.16
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16
  • xerces-j2-0:2.7.1-1jpp_1rh
  • xml-commons-0:1.3.02-2jpp_1rh
  • xml-commons-apis-0:1.3.02-2jpp_1rh

References