Lucene search

K

Ubuntu.comUB:CVE-2009-2693

HistoryJan 28, 2010 - 12:00 a.m.

CVE-2009-2693

2010-01-2800:00:00

ubuntu.com

ubuntu.com

7

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and
6.0.0 through 6.0.20 allows remote attackers to create or overwrite
arbitrary files via a … (dot dot) in an entry in a WAR file, as
demonstrated by a …/…/bin/catalina.bat entry.

OSVersionArchitecturePackageVersionFilename
ubuntu8.10noarchtomcat6< 6.0.18-0ubuntu3.3UNKNOWN
ubuntu9.04noarchtomcat6< 6.0.18-0ubuntu6.2UNKNOWN
ubuntu9.10noarchtomcat6< 6.0.20-2ubuntu2.1UNKNOWN

References

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.securityfocus.com/archive/1/archive/1/509148/100/0/threaded

launchpad.net/bugs/cve/CVE-2009-2693

nvd.nist.gov/vuln/detail/CVE-2009-2693

security-tracker.debian.org/tracker/CVE-2009-2693

ubuntu.com/security/notices/USN-899-1

www.cve.org/CVERecord?id=CVE-2009-2693

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

Related for UB:CVE-2009-2693

github1 veracode1 prion1 cve1 osv1 nessus25 openvas22 ubuntu1 securityvulns3 redhat3 tomcat2 oraclelinux1 centos1 debian1 gentoo1 threatpost1