CVE-2008-2938 - Path Traversal vulnerability in multiple products
CVSS 4.3 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: NONE
  • Availability impact: NONE

Tags: network, apache, apache-software-foundation, CWE-22, nessus, exploit available, metasploit

Summary

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped encoding or percent-encoding. Since the server decodes the URL from the requests, it may restrict access to some URL paths by validating and filtering the URL requests it receives. An attacker will try to craft a URL with a sequence of special characters which, once interpreted by the server, will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other encoding formats such as UTF-8 encoding, Unicode encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

D2sec

name: Apache Tomcat File Disclosure
url: http://www.d2sec.com/exploits/apache_tomcat_file_disclosure.html

Exploit-Db

  • description: Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability. CVE-2008-2938. Remote exploit for unix platform
    id: EDB-ID:14489
    last seen: 2016-02-01
    modified: 2010-07-28
    published: 2010-07-28
    reporter: mywisdom
    source: https://www.exploit-db.com/download/14489/
    title: Apache Tomcat < 6.0.18 utf8 - Directory Traversal Vulnerability
  • description: Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability. CVE-2008-2938. Remote exploits for multiple platform
    file: exploits/multiple/remote/6229.txt
    id: EDB-ID:6229
    last seen: 2016-02-01
    modified: 2008-08-11
    platform: multiple
    port:
    published: 2008-08-11
    reporter: Simon Ryeo
    source: https://www.exploit-db.com/download/6229/
    title: apache tomcat < 6.0.18 utf8 - Directory Traversal Vulnerability
    type: remote

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_TOMCAT5-5539.NASL
    description: This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34154
    published: 2008-09-10
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34154
    title: SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5539)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34154);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2008-2938");
    
      script_name(english:"SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5539)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of tomcat fixes another directory traversal bug which
    occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2938.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5539.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(22);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:1, reference:"tomcat5-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"tomcat5-admin-webapps-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"tomcat5-webapps-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-admin-webapps-5.0.30-27.30")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-webapps-5.0.30-27.30")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_TOMCAT5-5542.NASL
    description: This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34155
    published: 2008-09-10
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34155
    title: openSUSE 10 Security Update : tomcat5 (tomcat5-5542)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update tomcat5-5542.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34155);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2008-2938");
    
      script_name(english:"openSUSE 10 Security Update : tomcat5 (tomcat5-5542)");
      script_summary(english:"Check for the tomcat5-5542 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of tomcat fixes another directory traversal bug which
    occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomcat5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(22);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat5-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat5-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"tomcat5-5.0.30-65") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"tomcat5-admin-webapps-5.0.30-65") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"tomcat5-webapps-5.0.30-65") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2008-188.NASL
    description: A number of vulnerabilities have been discovered in the Apache Tomcat server : The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files (CVE-2007-5342). A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232). A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947). A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially crafted request parameter to access protected web resources (CVE-2008-2370). A traversal vulnerability was found when the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36926
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36926
    title: Mandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12232.NASL
    description: This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41238
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41238
    title: SuSE9 Security Update : Tomcat (YOU Patch Number 12232)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_WEBSPHERE-AS_CE-5850.NASL
    description: Websphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41596
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41596
    title: SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2008-007.NASL
    description: The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34374
    published: 2008-10-10
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34374
    title: Mac OS X Multiple Vulnerabilities (Security Update 2008-007)
  • NASL family: CGI abuses
    NASL id: TOMCAT_UTF8_DIR_TRAVERSAL.NASL
    description: The version of Apache Tomcat running on the remote host is affected by a directory traversal vulnerability due to an issue with the UTF-8 charset implementation within the underlying JVM. An unauthenticated, remote attacker can exploit this, by encoding directory traversal sequences as UTF-8 in a request, to view arbitrary files on the remote host. Note that successful exploitation requires that a context be configured with
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33866
    published: 2008-08-12
    reporter: This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/33866
    title: Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_TOMCAT6-080821.NASL
    description: This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40143
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40143
    title: openSUSE Security Update : tomcat6 (tomcat6-161)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-8130.NASL
    description: - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597 - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34227
    published: 2008-09-17
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34227
    title: Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-1007.NASL
    description: Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271) Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update to these Tomcat packages which resolve these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43842
    published: 2010-01-10
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43842
    title: RHEL 4 : tomcat in Satellite Server (RHSA-2008:1007)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2008-0648.NASL
    description: From Red Hat Security Advisory 2008:0648 : Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67733
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67733
    title: Oracle Linux 5 : tomcat (ELSA-2008-0648)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-7977.NASL
    description: This release fixes several security-related issues. In addition, this release fixes several user-reported problems related to the startup scripts and file layout. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34185
    published: 2008-09-12
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34185
    title: Fedora 9 : tomcat6-6.0.18-1.1.fc9 (2008-7977)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0648.NASL
    description: Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34057
    published: 2008-08-28
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34057
    title: RHEL 5 : tomcat (RHSA-2008:0648)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_TOMCAT55-5547.NASL
    description: This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34168
    published: 2008-09-11
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34168
    title: openSUSE 10 Security Update : tomcat55 (tomcat55-5547)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2008-0648.NASL
    description: Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43703
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43703
    title: CentOS 5 : tomcat5 (CESA-2008:0648)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080827_TOMCAT_ON_SL5_X.NASL
    description: A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232) An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947) A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60470
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60470
    title: Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0877.NASL
    description: An updated jbossweb package that fixes various security issues is now available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and 4.3. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Web Server (jbossweb) is an enterprise ready web server designed for medium and large applications, is based on Apache Tomcat, and is embedded into JBoss Application Server. It provides organizations with a single deployment platform for JavaServer Pages (JSP) and Java Servlet technologies, Microsoft(r) .NET, PHP, and CGI. A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially crafted request parameter to access protected web resources. (CVE-2008-2370) An additional traversal vulnerability was discovered when the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63868
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63868
    title: RHEL 4 / 5 : jbossweb (RHSA-2008:0877)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-8113.NASL
    description: - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34226
    published: 2008-09-17
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34226
    title: Fedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113)

Oval

accepted: 2013-04-29T04:06:53.827-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
family: unix
id: oval:org.mitre.oval:def:10587
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
version: 18

Redhat

advisories
  • bugzilla
    id457934
    titleCVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenttomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648001
          • commenttomcat5-jsp-2.0-api is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327004
        • AND
          • commenttomcat5-webapps is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648003
          • commenttomcat5-webapps is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327006
        • AND
          • commenttomcat5-common-lib is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648005
          • commenttomcat5-common-lib is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327002
        • AND
          • commenttomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648007
          • commenttomcat5-jsp-2.0-api-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327012
        • AND
          • commenttomcat5-jasper is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648009
          • commenttomcat5-jasper is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327010
        • AND
          • commenttomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648011
          • commenttomcat5-admin-webapps is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327008
        • AND
          • commenttomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648013
          • commenttomcat5-jasper-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327018
        • AND
          • commenttomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648015
          • commenttomcat5-servlet-2.4-api-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327016
        • AND
          • commenttomcat5 is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648017
          • commenttomcat5 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327014
        • AND
          • commenttomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648019
          • commenttomcat5-servlet-2.4-api is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327022
        • AND
          • commenttomcat5-server-lib is earlier than 0:5.5.23-0jpp.7.el5_2.1
            ovaloval:com.redhat.rhsa:tst:20080648021
          • commenttomcat5-server-lib is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327020
    rhsa
    idRHSA-2008:0648
    released2008-08-27
    severityImportant
    titleRHSA-2008:0648: tomcat security update (Important)
  • rhsa
    idRHSA-2008:0862
  • rhsa
    idRHSA-2008:0864
rpms
  • tomcat5-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1
  • tomcat5-0:5.5.23-0jpp_4rh.9
  • tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9
  • tomcat5-common-lib-0:5.5.23-0jpp_4rh.9
  • tomcat5-jasper-0:5.5.23-0jpp_4rh.9
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-server-lib-0:5.5.23-0jpp_4rh.9
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-webapps-0:5.5.23-0jpp_4rh.9
  • tomcat5-0:5.5.23-0jpp_12rh
  • tomcat5-common-lib-0:5.5.23-0jpp_12rh
  • tomcat5-jasper-0:5.5.23-0jpp_12rh
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh
  • tomcat5-server-lib-0:5.5.23-0jpp_12rh
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh
  • jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4
  • jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5
  • tomcat5-0:5.0.30-0jpp_12rh

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:12603
    last seen2017-11-19
    modified2009-11-10
    published2009-11-10
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-12603
    titleToutVirtual VirtualIQ Multiple Vulnerabilities
  • bulletinFamilyexploit
    descriptionBUGTRAQ ID:30633 CVE ID:CVE-2008-2938 CNCVE ID:CNCVE-20082938 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat does not correctly filter user-supplied input; a remote attacker can exploit the vulnerability to view arbitrary local files in the context of the web server process. The vulnerability arises from a problem in how Java handles the input: if context.xml or server.xml enables 'allowLinking' and sets 'URIencoding' to 'UTF-8', an attacker can obtain the contents of important system files with the web server's privileges. Apache Software Foundation Tomcat 6.0.16 Apache Software Foundation Tomcat 6.0.15 Apache Software Foundation Tomcat 6.0.14 Apache Software Foundation Tomcat 6.0.13 Apache Software Foundation Tomcat 6.0.12 Apache Software Foundation Tomcat 6.0.11 Apache Software Foundation Tomcat 6.0.10 Apache Software Foundation Tomcat 6.0.9 Apache Software Foundation Tomcat 6.0.8 Apache Software Foundation Tomcat 6.0.7 Apache Software Foundation Tomcat 6.0.6 Apache Software Foundation Tomcat 6.0.5 Apache Software Foundation Tomcat 6.0.4 Apache Software Foundation Tomcat 6.0.3 Apache Software Foundation Tomcat 6.0.2 Apache Software Foundation Tomcat 6.0.1 Apache Software Foundation Tomcat 6.0 Apache Software Foundation Tomcat 5.5.26 Apache Software Foundation Tomcat 5.5.25 Apache Software Foundation Tomcat 5.5.24 Apache Software Foundation Tomcat 5.5.23 Apache Software Foundation Tomcat 5.5.22 Apache Software Foundation Tomcat 5.5.21 Apache Software Foundation Tomcat 5.5.20 Apache Software Foundation Tomcat 5.5.19 Apache Software Foundation Tomcat 5.5.18 Apache Software Foundation Tomcat 5.5.17 Apache Software Foundation Tomcat 5.5.16 Apache Software Foundation Tomcat 5.5.15 Apache Software Foundation Tomcat 5.5.14 Apache Software Foundation Tomcat 5.5.13 Apache Software Foundation Tomcat 5.5.12 Apache Software Foundation Tomcat 5.5.11 Apache Software Foundation Tomcat 5.5.10 Apache Software Foundation Tomcat 5.5.9 Apache Software Foundation Tomcat 5.5.8 Apache Software Foundation Tomcat 5.5.7 Apache Software Foundation Tomcat 5.5.6 Apache Software Foundation Tomcat 5.5.5 Apache Software Foundation Tomcat 5.5.4 Apache Software Foundation Tomcat 5.5.3 Apache Software Foundation Tomcat 5.5.2 Apache Software Foundation Tomcat 5.5.1 Apache Software Foundation Tomcat 5.5 Apache Software Foundation Tomcat 4.1.37 Apache Software Foundation Tomcat 4.1.36 Apache Software Foundation Tomcat 4.1.36 Apache Software Foundation Tomcat 4.1.34 Apache Software Foundation Tomcat 4.1.34 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 Apache Software Foundation Tomcat 4.1.32 Apache Software Foundation Tomcat 4.1.31 Apache Software Foundation Tomcat 4.1.30 Apache Software Foundation Tomcat 4.1.29 Apache Software Foundation Tomcat 4.1.28 Apache Software Foundation Tomcat 4.1.24 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 Apache Software Foundation Tomcat 4.1.12 Apache Software Foundation Tomcat 4.1.10 Apache Software Foundation Tomcat 4.1.9 beta Apache Software Foundation Tomcat 4.1.3 beta Apache Software Foundation Tomcat 4.1.3 Apache Software Foundation Tomcat 4.1 Upgrade to the latest version, 6.0.18: http://tomcat.apache.org Temporary workaround: disable allowLinking or do not set URIencoding to UTF8.
    idSSV:3822
    last seen2017-11-19
    modified2008-08-12
    published2008-08-12
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-3822
    titleApache Tomcat UTF-8 Directory Traversal Vulnerability
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:65645
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-65645
    titleapache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:67058
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-67058
    titletoutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:9284
    last seen2017-11-19
    modified2008-08-11
    published2008-08-11
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-9284
    titleApache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:14334
    last seen2017-11-19
    modified2009-11-07
    published2009-11-07
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-14334
    titleToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities

References