Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2008-5515

Опубликовано: 16 июн. 2009
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 5

Описание

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

РелизСтатусПримечание
dapper

ignored

end of life
devel

DNE

hardy

DNE

intrepid

DNE

jaunty

DNE

karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

oneiric

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

ignored

end of life
intrepid

ignored

end of life, was needed
jaunty

ignored

end of life
karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

oneiric

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

not-affected

6.0.20-1ubuntu1
hardy

DNE

intrepid

released

6.0.18-0ubuntu3.2
jaunty

released

6.0.18-0ubuntu6.1
karmic

not-affected

6.0.20-1ubuntu1
lucid

not-affected

6.0.20-1ubuntu1
maverick

not-affected

6.0.20-1ubuntu1
natty

not-affected

6.0.20-1ubuntu1
oneiric

not-affected

6.0.20-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%
0.36055
Средний

5 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2008-5515

redhat
около 16 лет назад

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

nvd логотип

CVE-2008-5515

nvd
около 16 лет назад

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

debian логотип

CVE-2008-5515

debian
около 16 лет назад

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 throug ...

github логотип

GHSA-9737-qmgc-hfr9

CVSS3: 5.3
github
около 3 лет назад

Directory Traversal in Apache Tomcat

oracle-oval логотип

ELSA-2009-1164

oracle-oval
почти 16 лет назад

ELSA-2009-1164: tomcat security update (IMPORTANT)

EPSS

Процентиль: 97%
0.36055
Средний

5 Medium

CVSS2