Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

Dsquare SecurityE-197

HistoryFeb 01, 2012 - 12:00 a.m.

Apache Tomcat File Disclosure

2012-02-0100:00:00

Dsquare Security

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.6%

JSON

Originally reported as a Tomcat vulnerability the root cause of this issue is that the JVM does not correctly decode UTF-8 encoded URLs to UTF-8.

Vulnerability Type: File Disclosure

For the exploit source code contact DSquare Security sales team.

References

vulners.com/BID/BID:30633

vulners.com/BID/BID:31681

vulners.com/NID/NID:33866

vulners.com/OSVDB/OSVDB:47464

openvas 24

packetstorm 4

nessus 18

securityvulns 7

seebug 6

checkpoint_advisories 2

exploitpack 2

cert 1

d2 1

veracode 1

exploitdb 2

ubuntucve 1

osv 1

cve 1

prion 1

github 1

redhat 5

centos 1

oraclelinux 1

atlassian 2

fedora 3

openvas

SLES10: Security update for Tomcat 5

2009-10-13 00:00:00

SLES9: Security update for Tomcat

2009-10-10 00:00:00

SLES9: Security update for Tomcat

2009-10-10 00:00:00

packetstorm

tomcat-traverse.txt

2008-08-13 00:00:00

Oracle Containers For Java Traversal

2009-01-21 00:00:00

Apache Tomcat UTF-8 Directory Traversal

2010-07-28 00:00:00

nessus

SuSE9 Security Update : Tomcat (YOU Patch Number 12232)

2009-09-24 00:00:00

openSUSE Security Update : tomcat6 (tomcat6-161)

2009-07-21 00:00:00

SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5539)

2008-09-10 00:00:00

securityvulns

Java Runtime UTF-8 Decoder Smuggling Vector

2009-01-11 00:00:00

[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Update 2

2008-12-19 00:00:00

[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated

2008-09-10 00:00:00

seebug

Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability

2008-08-11 00:00:00

apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability

2014-07-01 00:00:00

Apache Tomcat UTF-8目录遍历漏洞

2008-08-12 00:00:00

checkpoint_advisories

Preemptive Protection against Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability

2008-08-19 00:00:00

Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)

2009-11-01 00:00:00

exploitpack

Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)

2008-08-11 00:00:00

toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities

2009-11-07 00:00:00

cert

Apache Tomcat UTF8 Directory Traversal Vulnerability

2008-08-19 00:00:00

DSquare Exploit Pack: D2SEC_TOMCAT_UTF8

2008-08-13 00:41:00

veracode

Directory Traversal

2018-11-09 01:31:46

exploitdb

Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)

2008-08-11 00:00:00

toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities

2009-11-07 00:00:00

ubuntucve

CVE-2008-2938

2008-08-13 00:00:00

osv

Apache Tomcat Directory Traversal vulnerability

2022-05-01 23:55:04

cve

CVE-2008-2938

2008-08-13 00:41:00

prion

Directory traversal

2008-08-13 00:41:00

github

Apache Tomcat Directory Traversal vulnerability

2022-05-01 23:55:04

redhat

(RHSA-2008:0877) Important: jbossweb security update

2008-09-22 00:00:00

(RHSA-2008:0648) Important: tomcat security update

2008-08-27 00:00:00

(RHSA-2008:0864) Important: tomcat security update

2008-10-02 00:00:00

centos

tomcat5 security update

2008-08-28 22:01:41

oraclelinux

tomcat security update

2008-08-27 00:00:00

atlassian

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

Upgrade standalone Tomcat to 5.5.25

2008-01-15 04:23:59

fedora

[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9

2008-09-16 23:25:10

[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9

2008-09-11 17:17:43

[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8

2008-09-16 23:28:35

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.6%

JSON

Related for E-197