Lucene search
SirdarckcatPACKETSTORM:74165HistoryJan 21, 2009 - 12:00 a.m.
Oracle Containers For Java Traversal
2009-01-2100:00:00
Sirdarckcat
packetstormsecurity.com
26
0.969 High
EPSS
Percentile
99.6%
`Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
PoC: http://OC4J/web-app/foobar/%c0%ae%c0%ae/WEB-INF/web.xml
Related: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Explaination: The "%c0%ae%c0%ae" is interpreted as: ".." because on
Java's side: "%c0%ae" is interpreted as: "\uC0AE" that get's casted to
an ASCII-LOW char, that is: ".".
You can read dangerous configuration information including passwords,
users, paths, etc..
Discovered: 8/16/08
Vendor contacted: 8/16/08
Vendor response: 8/18/08
Vendor reproduced the issue: 9/10/08
Vendor last contact: 9/30/08
Public Disclosure: 1/19/09
Oracle security bug id: 7391479
For more information contact Oracle Security Team: [email protected]
I really wanted to give a link to a patch, but I think it's better if
this is known by sysadmins so they can filter this using an IDS.
Greetings!!
-- Eduardo
http://www.sirdarckcat.net/
`
Related
dsquare
dsquare
Apache Tomcat File Disclosure
2012-02-01 00:00:00
openvas
openvas
SLES10: Security update for Tomcat 5
2009-10-13 00:00:00
SLES9: Security update for Tomcat
2009-10-10 00:00:00
SLES10: Security update for Tomcat 5
2009-10-13 00:00:00
securityvulns
securityvulns
exploitpack
exploitpack
Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
nessus
nessus
openSUSE 10 Security Update : tomcat5 (tomcat5-5542)
2008-09-10 00:00:00
SuSE9 Security Update : Tomcat (YOU Patch Number 12232)
2009-09-24 00:00:00
Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access
2008-08-12 00:00:00
seebug
seebug
apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
2014-07-01 00:00:00
Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability
2008-08-11 00:00:00
Apache Tomcat UTF-8目录遍历漏洞
2008-08-12 00:00:00
cert
cert
Apache Tomcat UTF8 Directory Traversal Vulnerability
2008-08-19 00:00:00
packetstorm
packetstorm
tomcat-traverse.txt
2008-08-13 00:00:00
Apache Tomcat UTF-8 Directory Traversal
2010-07-28 00:00:00
ToutVirtual VirtualIQ Pro XSS / XSRF / Execution
2009-11-17 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_TOMCAT_UTF8
2008-08-13 00:41:00
veracode
veracode
Directory Traversal
2018-11-09 01:31:46
checkpoint_advisories
checkpoint_advisories
exploitdb
exploitdb
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2008-2938
2008-08-13 00:00:00
prion
prion
Directory traversal
2008-08-13 00:41:00
github
github
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
osv
osv
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
cve
cve
CVE-2008-2938
2008-08-13 00:41:00
redhat
redhat
(RHSA-2008:0877) Important: jbossweb security update
2008-09-22 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
centos
centos
tomcat5 security update
2008-08-28 22:01:41