Description
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
Release | Status | Note |
---|---|---|
devel | not-affected | code not present |
esm-apps/xenial | not-affected | code not present |
esm-infra-legacy/trusty | not-affected | code not present |
precise/esm | DNE | |
trusty | not-affected | code not present |
trusty/esm | not-affected | code not present |
upstream | not-affected | code not present |
vivid/ubuntu-core | DNE | |
xenial | not-affected | code not present |
zesty | not-affected | code not present |
Release | Status | Note |
---|---|---|
devel | not-affected | 8.5.21-1 |
esm-infra-legacy/trusty | DNE | |
esm-infra/xenial | not-affected | code not present |
precise/esm | DNE | |
trusty | DNE | |
trusty/esm | DNE | |
upstream | released | 8.5.16-1 |
vivid/ubuntu-core | DNE | |
xenial | not-affected | code not present |
zesty | not-affected | code not present |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8 ...
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Vulnerability in the HTTP/2 implementation of the Apache Tomcat application server that allows an attacker to bypass security checks