Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2008:0877
HistorySep 22, 2008 - 12:00 a.m.

(RHSA-2008:0877) Important: jbossweb security update

2008-09-2200:00:00
access.redhat.com
21

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.6%

JSON

JBoss Web Server (jbossweb) is an enterprise ready web server designed for
medium and large applications, is based on Apache Tomcat, and is embedded
into JBoss Application Server. It provides organizations with a single
deployment platform for JavaServer Pages (JSP) and Java Servlet
technologies, Microsoftยฎ .NET, PHP, and CGI.

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)

An additional traversal vulnerability was discovered when the
โ€œallowLinkingโ€ and โ€œURIencodingโ€ settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the jbossweb process. (CVE-2008-2938)

Users of jbossweb should upgrade to this updated package, which contains
backported patches to resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHat5noarchjbossweb<ย 2.0.0-5.CP07.0jpp.ep1.1.el5jbossweb-2.0.0-5.CP07.0jpp.ep1.1.el5.noarch.rpm
RedHat5srcjbossweb<ย 2.0.0-5.CP07.0jpp.ep1.1.el5jbossweb-2.0.0-5.CP07.0jpp.ep1.1.el5.src.rpm

Related

nessus 24
securityvulns 12
openvas 29
redhat 4
centos 1
oraclelinux 1
fedora 3
ubuntucve 3
prion 4
github 4
osv 5
cve 4
vmware 4
tomcat 3
atlassian 2
seebug 7
f5 5
veracode 3
packetstorm 4
dsquare 1
exploitpack 2
cert 1
checkpoint_advisories 2
d2 1
exploitdb 2
ibm 1
nessus
nessus
RHEL 4 / 5 : jbossweb (RHSA-2008:0877)
2013-01-24 00:00:00
Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
2012-08-01 00:00:00
Fedora 9 : tomcat6-6.0.18-1.1.fc9 (2008-7977)
2008-09-12 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2009-01-28 00:00:00
[CVE-2008-1232] Apache Tomcat XSS vulnerability
2008-08-01 00:00:00
ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S
2009-08-08 00:00:00
openvas
openvas
RedHat Update for tomcat RHSA-2008:0648-01
2009-03-06 00:00:00
Fedora Update for tomcat6 FEDORA-2008-7977
2009-02-17 00:00:00
Fedora Update for tomcat6 FEDORA-2008-7977
2009-02-17 00:00:00
redhat
redhat
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
(RHSA-2008:1007) Low: tomcat security update for Red Hat Network Satellite Server
2008-12-08 00:00:00
centos
centos
tomcat5 security update
2008-08-28 22:01:41
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
ubuntucve
ubuntucve
CVE-2008-2938
2008-08-13 00:00:00
CVE-2008-1232
2008-08-04 00:00:00
CVE-2008-2370
2008-08-04 00:00:00
prion
prion
Directory traversal
2008-08-13 00:41:00
Cross site scripting
2008-08-04 01:41:00
Directory traversal
2008-08-04 01:41:00
github
github
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:37:49
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
osv
osv
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:37:49
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
cve
cve
CVE-2008-2938
2008-08-13 00:41:00
CVE-2008-1232
2008-08-04 01:41:00
CVE-2008-2370
2008-08-04 01:41:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
Fixed in Apache Tomcat 4.1.39
2008-01-07 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
seebug
seebug
Apache Tomcat HttpServletResponse.sendError()่ทจ็ซ™่„šๆœฌๆผๆดž
2008-08-04 00:00:00
apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
2014-07-01 00:00:00
Apache Tomcat &lt;= 6.0.18 UTF8 Directory Traversal Vulnerability
2008-08-11 00:00:00
f5
f5
SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2008-09-01 00:00:00
SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
2008-09-01 00:00:00
K9108 : Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
2013-03-24 00:00:00
veracode
veracode
Directory Traversal
2018-11-09 07:23:15
Cross-site Scripting (XSS)
2018-11-09 06:35:59
Directory Traversal
2018-11-09 01:31:46
packetstorm
packetstorm
tomcat-traverse.txt
2008-08-13 00:00:00
Oracle Containers For Java Traversal
2009-01-21 00:00:00
Apache Tomcat UTF-8 Directory Traversal
2010-07-28 00:00:00
dsquare
dsquare
Apache Tomcat File Disclosure
2012-02-01 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
cert
cert
Apache Tomcat UTF8 Directory Traversal Vulnerability
2008-08-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability
2008-08-19 00:00:00
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
2009-11-01 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_TOMCAT_UTF8
2008-08-13 00:41:00
exploitdb
exploitdb
Apache Tomcat &lt; 6.0.18 - &#039;utf8&#039; Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.969 High

EPSS

Percentile

99.6%

JSON
Related for RHSA-2008:0877
nessus24securityvulns12openvas29redhat4centos1oraclelinux1fedora3ubuntucve3prion4github4osv5cve4vmware4tomcat3atlassian2seebug7f55veracode3packetstorm4dsquare1exploitpack2cert1checkpoint_advisories2d21exploitdb2ibm1