Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-8wch-9gcg-v2pr

Опубликовано: 02 мая 2022
Источник: github
Github: Прошло ревью

Описание

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Ссылки

Пакеты

Наименование

org.apache.tomcat:tomcat

maven
Затронутые версииВерсия исправления

>= 5.5.0, <= 5.5.28

5.5.29

Наименование

org.apache.tomcat:tomcat

maven
Затронутые версииВерсия исправления

>= 6.0.0, <= 6.0.20

6.0.24

EPSS

Процентиль: 93%
0.1008
Средний

CVE ID

CVE-2009-2902

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2009-2902

ubuntu
больше 15 лет назад

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

redhat логотип

CVE-2009-2902

redhat
больше 15 лет назад

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

nvd логотип

CVE-2009-2902

nvd
больше 15 лет назад

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

debian логотип

CVE-2009-2902

debian
больше 15 лет назад

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.2 ...

oracle-oval логотип

ELSA-2010-0580

oracle-oval
почти 15 лет назад

ELSA-2010-0580: tomcat5 security update (IMPORTANT)

EPSS

Процентиль: 93%
0.1008
Средний

CVE ID

CVE-2009-2902

Дефекты

CWE-22