Apache Tomcat Path Traversal Vulnerability

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

References

https://nvd.nist.gov/vuln/detail/CVE-2008-2370
https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=123376588623823&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
http://www.vmware.com/security/advisories/VMSA-2009-0002.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099
https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381
https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639
https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891
https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999
https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379
https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013
https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393
https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249
https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460
https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623
https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494
https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded
https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681
https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code