CVE-2008-2938 - Path Traversal vulnerability in Apache Tomcat
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Relative Path Traversal: An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
- Directory Traversal: An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and "dir", or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
- File System Function Injection, Content Based: An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points, they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attacker's program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
- Using Slashes and URL Encoding Combined to Bypass Validation Logic: This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped encoding or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft a URL with a sequence of special characters which, once interpreted by the server, will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other formats of encoding such as UTF-8 encoding, Unicode encoding, etc.
- Manipulating Input to File System Calls: An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
D2sec
name | Apache Tomcat File Disclosure |
url | http://www.d2sec.com/exploits/apache_tomcat_file_disclosure.html |
Exploit-Db
description | Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability. CVE-2008-2938. Remote exploit for unix platform |
id | EDB-ID:14489 |
last seen | 2016-02-01 |
modified | 2010-07-28 |
published | 2010-07-28 |
reporter | mywisdom |
source | https://www.exploit-db.com/download/14489/ |
title | Apache Tomcat < 6.0.18 utf8 - Directory Traversal Vulnerability |

description | Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability. CVE-2008-2938. Remote exploits for multiple platform |
file | exploits/multiple/remote/6229.txt |
id | EDB-ID:6229 |
last seen | 2016-02-01 |
modified | 2008-08-11 |
platform | multiple |
port | |
published | 2008-08-11 |
reporter | Simon Ryeo |
source | https://www.exploit-db.com/download/6229/ |
title | apache tomcat < 6.0.18 utf8 - Directory Traversal Vulnerability |
type | remote |
Metasploit
description | This module tests whether a directory traversal vulnerability is present in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build <= 1294. The vulnerability appears to be actually caused by the Tomcat UTF-8 bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938. This module simply tests for the same bug with Trend Micro specific settings. Note that in the Trend Micro appliance, /etc/shadow is not used and therefore password hashes are stored and anonymously accessible in the passwd file. |
id | MSF:AUXILIARY/ADMIN/HTTP/TRENDMICRO_DLP_TRAVERSAL |
last seen | 2020-02-09 |
modified | 2017-11-08 |
published | 2011-09-22 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb |
title | TrendMicro Data Loss Prevention 5.5 Directory Traversal |

description | This module tests whether a directory traversal vulnerability is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 - 6.0.16 under specific and non-default installations. The connector must have allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the vulnerability actually occurs within Java and not Tomcat; the server must use Java versions prior to Sun 1.4.2_19, 1.5.0_17, 6u11 - or prior IBM Java 5.0 SR9, 1.4.2 SR13, SE 6 SR4 releases. This module has only been tested against RedHat 9 running Tomcat 6.0.16 and Sun JRE 1.5.0-05. You may wish to change FILE (hosts,sensitive files), MAXDIRS and RPORT depending on your environment. |
id | MSF:AUXILIARY/ADMIN/HTTP/TOMCAT_UTF8_TRAVERSAL |
last seen | 2020-03-15 |
modified | 2018-10-18 |
published | 2010-08-23 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/http/tomcat_utf8_traversal.rb |
title | Tomcat UTF-8 Directory Traversal Vulnerability |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_TOMCAT5-5539.NASL |
description | This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34154 |
published | 2008-09-10 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34154 |
title | SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5539) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(34154);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:33");

      script_cve_id("CVE-2008-2938");

      script_name(english:"SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5539)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2938.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5539.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(22);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/10");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

    flag = 0;
    if (rpm_check(release:"SLES10", sp:1, reference:"tomcat5-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"tomcat5-admin-webapps-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"tomcat5-webapps-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-admin-webapps-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-webapps-5.0.30-27.30")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");

NASL family | SuSE Local Security Checks |
NASL id | SUSE_TOMCAT5-5542.NASL |
description | This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34155 |
published | 2008-09-10 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34155 |
title | openSUSE 10 Security Update : tomcat5 (tomcat5-5542) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update tomcat5-5542.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(34155);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:33");

      script_cve_id("CVE-2008-2938");

      script_name(english:"openSUSE 10 Security Update : tomcat5 (tomcat5-5542)");
      script_summary(english:"Check for the tomcat5-5542 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected tomcat5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(22);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat5-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat5-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/10");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if ( rpm_check(release:"SUSE10.2", reference:"tomcat5-5.0.30-65") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"tomcat5-admin-webapps-5.0.30-65") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"tomcat5-webapps-5.0.30-65") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat");
    }

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2008-188.NASL |
description | A number of vulnerabilities have been discovered in the Apache Tomcat server : The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files (CVE-2007-5342). A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232). A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947). A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially crafted request parameter to access protected web resources (CVE-2008-2370). A traversal vulnerability was found when the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36926 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/36926 |
title | Mandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12232.NASL |
description | This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41238 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41238 |
title | SuSE9 Security Update : Tomcat (YOU Patch Number 12232) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_WEBSPHERE-AS_CE-5850.NASL |
description | Websphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41596 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41596 |
title | SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2008-007.NASL |
description | The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34374 |
published | 2008-10-10 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34374 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2008-007) |

NASL family | CGI abuses |
NASL id | TOMCAT_UTF8_DIR_TRAVERSAL.NASL |
description | The version of Apache Tomcat running on the remote host is affected by a directory traversal vulnerability due to an issue with the UTF-8 charset implementation within the underlying JVM. An unauthenticated, remote attacker can exploit this, by encoding directory traversal sequences as UTF-8 in a request, to view arbitrary files on the remote host. Note that successful exploitation requires that a context be configured with |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33866 |
published | 2008-08-12 |
reporter | This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/33866 |
title | Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_TOMCAT6-080821.NASL |
description | This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40143 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/40143 |
title | openSUSE Security Update : tomcat6 (tomcat6-161) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-8130.NASL |
description | - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597 - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34227 |
published | 2008-09-17 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34227 |
title | Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2008-1007.NASL |
description | Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271) Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update to these Tomcat packages which resolve these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 43842 |
published | 2010-01-10 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/43842 |
title | RHEL 4 : tomcat in Satellite Server (RHSA-2008:1007) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2008-0648.NASL |
description | From Red Hat Security Advisory 2008:0648 : Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67733 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67733 |
title | Oracle Linux 5 : tomcat (ELSA-2008-0648) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-7977.NASL |
description | This release fixes several security-related issues. In addition, this release fixes several user-reported problems related to the startup scripts and file layout. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34185 |
published | 2008-09-12 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34185 |
title | Fedora 9 : tomcat6-6.0.18-1.1.fc9 (2008-7977) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2008-0648.NASL |
description | Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34057 |
published | 2008-08-28 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34057 |
title | RHEL 5 : tomcat (RHSA-2008:0648) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_TOMCAT55-5547.NASL |
description | This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34168 |
published | 2008-09-11 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34168 |
title | openSUSE 10 Security Update : tomcat55 (tomcat55-5547) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2008-0648.NASL |
description | Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 43703 |
published | 2010-01-06 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/43703 |
title | CentOS 5 : tomcat5 (CESA-2008:0648) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20080827_TOMCAT_ON_SL5_X.NASL |
description | A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60470 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60470 |
title | Scientific Linux Security Update : tomcat on SL5.x i386/x86_64 |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2008-0877.NASL |
description | An updated jbossweb package that fixes various security issues is now available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and 4.3. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Web Server (jbossweb) is an enterprise ready web server designed for medium and large applications, is based on Apache Tomcat, and is embedded into JBoss Application Server. It provides organizations with a single deployment platform for JavaServer Pages (JSP) and Java Servlet technologies, Microsoft(r) .NET, PHP, and CGI. A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63868 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63868 |
title | RHEL 4 / 5 : jbossweb (RHSA-2008:0877) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-8113.NASL |
description | - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34226 |
published | 2008-09-17 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34226 |
title | Fedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113) |
Oval
accepted | 2013-04-29T04:06:53.827-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. |
family | unix |
id | oval:org.mitre.oval:def:10587 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. |
version | 18 |
Packetstorm
data source https://packetstormsecurity.com/files/download/74165/oc4j-traversal.txt
id PACKETSTORM:74165
last seen 2016-12-05
published 2009-01-21
reporter Sirdarckcat
source https://packetstormsecurity.com/files/74165/Oracle-Containers-For-Java-Traversal.html
title Oracle Containers For Java Traversal

data source https://packetstormsecurity.com/files/download/92240/apachetomcat-traversal.txt
id PACKETSTORM:92240
last seen 2016-12-05
published 2010-07-28
reporter Simon Ryeo
source https://packetstormsecurity.com/files/92240/Apache-Tomcat-UTF-8-Directory-Traversal.html
title Apache Tomcat UTF-8 Directory Traversal

data source https://packetstormsecurity.com/files/download/82649/SN-2009-02.txt
id PACKETSTORM:82649
last seen 2016-12-05
published 2009-11-17
reporter Alberto Trivero
source https://packetstormsecurity.com/files/82649/ToutVirtual-VirtualIQ-Pro-XSS-XSRF-Execution.html
title ToutVirtual VirtualIQ Pro XSS / XSRF / Execution

data source https://packetstormsecurity.com/files/download/69010/tomcat-traverse.txt
id PACKETSTORM:69010
last seen 2016-12-05
published 2008-08-13
reporter Simon Ryeo
source https://packetstormsecurity.com/files/69010/tomcat-traverse.txt.html
title tomcat-traverse.txt
Redhat
advisories |
rpms |
Seebug
bulletinFamily exploit
description No description provided by source.
id SSV:12603
last seen 2017-11-19
modified 2009-11-10
published 2009-11-10
reporter Root
source https://www.seebug.org/vuldb/ssvid-12603
title ToutVirtual VirtualIQ Multiple Vulnerabilities

bulletinFamily exploit
description BUGTRAQ ID:30633 CVE ID:CVE-2008-2938 CNCVE ID:CNCVE-20082938
Apache Tomcat is a popular open-source JSP application server.
Apache Tomcat does not correctly filter user-supplied input; a remote attacker can exploit the vulnerability to view arbitrary local files in the context of the web server process.
The vulnerability arises from a problem in how Java handles the input: if context.xml or server.xml enables 'allowLinking' and sets 'URIencoding' to 'UTF-8', an attacker can obtain the contents of important system files with the privileges of the web server.
Apache Software Foundation Tomcat 6.0.16
Apache Software Foundation Tomcat 6.0.15
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.9
Apache Software Foundation Tomcat 6.0.8
Apache Software Foundation Tomcat 6.0.7
Apache Software Foundation Tomcat 6.0.6
Apache Software Foundation Tomcat 6.0.5
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.3
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.5.26
Apache Software Foundation Tomcat 5.5.25
Apache Software Foundation Tomcat 5.5.24
Apache Software Foundation Tomcat 5.5.23
Apache Software Foundation Tomcat 5.5.22
Apache Software Foundation Tomcat 5.5.21
Apache Software Foundation Tomcat 5.5.20
Apache Software Foundation Tomcat 5.5.19
Apache Software Foundation Tomcat 5.5.18
Apache Software Foundation Tomcat 5.5.17
Apache Software Foundation Tomcat 5.5.16
Apache Software Foundation Tomcat 5.5.15
Apache Software Foundation Tomcat 5.5.14
Apache Software Foundation Tomcat 5.5.13
Apache Software Foundation Tomcat 5.5.12
Apache Software Foundation Tomcat 5.5.11
Apache Software Foundation Tomcat 5.5.10
Apache Software Foundation Tomcat 5.5.9
Apache Software Foundation Tomcat 5.5.8
Apache Software Foundation Tomcat 5.5.7
Apache Software Foundation Tomcat 5.5.6
Apache Software Foundation Tomcat 5.5.5
Apache Software Foundation Tomcat 5.5.4
Apache Software Foundation Tomcat 5.5.3
Apache Software Foundation Tomcat 5.5.2
Apache Software Foundation Tomcat 5.5.1
Apache Software Foundation Tomcat 5.5
Apache Software Foundation Tomcat 4.1.37
Apache Software Foundation Tomcat 4.1.36
Apache Software Foundation Tomcat 4.1.36
Apache Software Foundation Tomcat 4.1.34
Apache Software Foundation Tomcat 4.1.34
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.1.32
Apache Software Foundation Tomcat 4.1.31
Apache Software Foundation Tomcat 4.1.30
Apache Software Foundation Tomcat 4.1.29
Apache Software Foundation Tomcat 4.1.28
Apache Software Foundation Tomcat 4.1.24
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.1.12
Apache Software Foundation Tomcat 4.1.10
Apache Software Foundation Tomcat 4.1.9 beta
Apache Software Foundation Tomcat 4.1.3 beta
Apache Software Foundation Tomcat 4.1.3
Apache Software Foundation Tomcat 4.1
Upgrade to the latest version, 6.0.18: http://tomcat.apache.org
Temporary workaround: disable allowLinking or do not set URIencoding to UTF8.
id SSV:3822
last seen 2017-11-19
modified 2008-08-12
published 2008-08-12
reporter Root
source https://www.seebug.org/vuldb/ssvid-3822
title Apache Tomcat UTF-8 Directory Traversal Vulnerability

bulletinFamily exploit
description No description provided by source.
id SSV:65645
last seen 2017-11-19
modified 2014-07-01
published 2014-07-01
reporter Root
source https://www.seebug.org/vuldb/ssvid-65645
title apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability

bulletinFamily exploit
description No description provided by source.
id SSV:67058
last seen 2017-11-19
modified 2014-07-01
published 2014-07-01
reporter Root
source https://www.seebug.org/vuldb/ssvid-67058
title toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities

bulletinFamily exploit
description No description provided by source.
id SSV:9284
last seen 2017-11-19
modified 2008-08-11
published 2008-08-11
reporter Root
source https://www.seebug.org/vuldb/ssvid-9284
title Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability

bulletinFamily exploit
description No description provided by source.
id SSV:14334
last seen 2017-11-19
modified 2009-11-07
published 2009-11-07
reporter Root
source https://www.seebug.org/vuldb/ssvid-14334
title ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities
References
- http://tomcat.apache.org/security-6.html
- http://www.securityfocus.com/bid/30633
- http://www.redhat.com/support/errata/RHSA-2008-0648.html
- http://www.kb.cert.org/vuls/id/343355
- http://secunia.com/advisories/31639
- http://www.securitytracker.com/id?1020665
- http://tomcat.apache.org/security-4.html
- http://tomcat.apache.org/security-5.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
- http://secunia.com/advisories/31891
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
- http://secunia.com/advisories/31865
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
- http://www.redhat.com/support/errata/RHSA-2008-0862.html
- http://www.redhat.com/support/errata/RHSA-2008-0864.html
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://www.securityfocus.com/bid/31681
- http://support.apple.com/kb/HT3216
- http://secunia.com/advisories/32222
- http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
- http://securityreason.com/securityalert/4148
- http://secunia.com/advisories/31982
- http://marc.info/?l=bugtraq&m=123376588623823&w=2
- http://secunia.com/advisories/33797
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/32120
- http://secunia.com/advisories/32266
- http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
- http://secunia.com/advisories/37297
- http://www.vupen.com/english/advisories/2009/0320
- http://www.vupen.com/english/advisories/2008/2823
- http://www.vupen.com/english/advisories/2008/2343
- http://www.vupen.com/english/advisories/2008/2780
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
- https://www.exploit-db.com/exploits/6229
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587
- http://www.securityfocus.com/archive/1/507729/100/0/threaded
- http://www.securityfocus.com/archive/1/495318/100/0/threaded
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E