Lucene search
Ubuntu.comUB:CVE-2008-2370HistoryAug 04, 2008 - 12:00 a.m.
CVE-2008-2370
2008-08-0400:00:00
ubuntu.com
ubuntu.com
8
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.018 Low
EPSS
Percentile
88.0%
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through
6.0.16, when a RequestDispatcher is used, performs path normalization
before removing the query string from the URI, which allows remote
attackers to conduct directory traversal attacks and read arbitrary files
via a … (dot dot) in a request parameter.
Bugs
Related
f5
f5
SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2008-09-01 00:00:00
K9110 : Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2013-03-25 00:00:00
osv
osv
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
Apache ODE Path Traversal vulnerability
2022-05-14 03:35:05
CVE-2018-1316
2018-03-05 14:29:00
veracode
veracode
Directory Traversal
2018-11-09 07:23:15
prion
prion
Directory traversal
2008-08-04 01:41:00
Directory traversal
2018-03-05 14:29:00
Directory traversal
2008-08-13 00:41:00
securityvulns
securityvulns
[SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability
2010-04-05 00:00:00
[CVE-2008-2370] Apache Tomcat information disclosure vulnerability
2008-08-01 00:00:00
Apache Tomcat multiple security vulnerabilities
2009-01-28 00:00:00
github
github
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
Apache ODE Path Traversal vulnerability
2022-05-14 03:35:05
nessus
nessus
F5 Networks BIG-IP : Apache Tomcat information disclosure vulnerability (SOL9110)
2014-10-10 00:00:00
RHEL 4 / 5 : jbossweb (RHSA-2008:0877)
2013-01-24 00:00:00
cve
cve
ubuntucve
ubuntucve
CVE-2008-2938
2008-08-13 00:00:00
openvas
openvas
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
2008-08-07 00:00:00
RedHat Update for tomcat RHSA-2008:0648-01
2009-03-06 00:00:00
Fedora Update for tomcat6 FEDORA-2008-7977
2009-02-17 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
Fixed in Apache Tomcat 4.1.39
2008-01-07 00:00:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
redhat
redhat
(RHSA-2008:0877) Important: jbossweb security update
2008-09-22 00:00:00
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
centos
centos
tomcat5 security update
2008-08-28 22:01:41
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
ibm
ibm
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.018 Low
EPSS
Percentile
88.0%
Related for UB:CVE-2008-2370