GitHub Advisory DatabaseGHSA-GGX9-4728-588RApache Tomcat Directory Traversal vulnerability
6.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.004 Low
EPSS
Percentile
72.6%
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.tomcat:tomcat | lt | 6.0.24 | |
| org.apache.tomcat:tomcat | le | 5.5.28 |
References
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
marc.info/?l=bugtraq&m=127420533226623&w=2
marc.info/?l=bugtraq&m=133469267822771&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
marc.info/?l=bugtraq&m=139344343412337&w=2
support.apple.com/kb/HT4077
svn.apache.org/viewvc?rev=892815&view=rev
svn.apache.org/viewvc?rev=902650&view=rev
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
ubuntu.com/usn/usn-899-1
www.debian.org/security/2011/dsa-2207
www.mandriva.com/security/advisories?name=MDVSA-2010:176
www.mandriva.com/security/advisories?name=MDVSA-2010:177
www.vmware.com/security/advisories/VMSA-2011-0003.html
www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
access.redhat.com/errata/RHSA-2010:0119
access.redhat.com/errata/RHSA-2010:0580
access.redhat.com/errata/RHSA-2010:0582
exchange.xforce.ibmcloud.com/vulnerabilities/55855
github.com/advisories/GHSA-ggx9-4728-588r
github.com/apache/tomcat/commit/3e1010b1a2f648581fac3d68afbf18f2979f6bf6
github.com/apache/tomcat55/commit/0299cb724ea71f304d54adfcdb950f59b01fb421
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2009-2693
oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19355
oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7017
support.hpe.com/hpesc/public/docDisplay?docId=c02241113
web.archive.org/web/20200229071135/www.securityfocus.com/bid/37944
web.archive.org/web/20200516121700/www.securityfocus.com/archive/1/516397/100/0/threaded
web.archive.org/web/20201206235536/www.securityfocus.com/archive/1/509148/100/0/threaded
Related
6.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.004 Low
EPSS
Percentile
72.6%