Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-2370
HistoryAug 04, 2008 - 1:41 a.m.

CVE-2008-2370

2008-08-0401:41:00
CWE-22
[email protected]
web.nvd.nist.gov
67
4
cve-2008-2370
apache tomcat
directory traversal
vulnerability
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.3 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a … (dot dot) in a request parameter.

Affected configurations

NVD
Node
apachetomcatMatch4.1.0
OR
apachetomcatMatch4.1.1
OR
apachetomcatMatch4.1.2
OR
apachetomcatMatch4.1.3
OR
apachetomcatMatch4.1.4
OR
apachetomcatMatch4.1.5
OR
apachetomcatMatch4.1.6
OR
apachetomcatMatch4.1.7
OR
apachetomcatMatch4.1.8
OR
apachetomcatMatch4.1.9
OR
apachetomcatMatch4.1.10
OR
apachetomcatMatch4.1.11
OR
apachetomcatMatch4.1.12
OR
apachetomcatMatch4.1.13
OR
apachetomcatMatch4.1.14
OR
apachetomcatMatch4.1.15
OR
apachetomcatMatch4.1.16
OR
apachetomcatMatch4.1.17
OR
apachetomcatMatch4.1.18
OR
apachetomcatMatch4.1.19
OR
apachetomcatMatch4.1.20
OR
apachetomcatMatch4.1.21
OR
apachetomcatMatch4.1.22
OR
apachetomcatMatch4.1.23
OR
apachetomcatMatch4.1.24
OR
apachetomcatMatch4.1.25
OR
apachetomcatMatch4.1.26
OR
apachetomcatMatch4.1.27
OR
apachetomcatMatch4.1.28
OR
apachetomcatMatch4.1.29
OR
apachetomcatMatch4.1.30
OR
apachetomcatMatch4.1.31
OR
apachetomcatMatch4.1.32
OR
apachetomcatMatch4.1.33
OR
apachetomcatMatch4.1.34
OR
apachetomcatMatch4.1.35
OR
apachetomcatMatch4.1.36
OR
apachetomcatMatch4.1.37
OR
apachetomcatMatch5.5.0
OR
apachetomcatMatch5.5.1
OR
apachetomcatMatch5.5.2
OR
apachetomcatMatch5.5.3
OR
apachetomcatMatch5.5.4
OR
apachetomcatMatch5.5.5
OR
apachetomcatMatch5.5.6
OR
apachetomcatMatch5.5.7
OR
apachetomcatMatch5.5.8
OR
apachetomcatMatch5.5.9
OR
apachetomcatMatch5.5.10
OR
apachetomcatMatch5.5.11
OR
apachetomcatMatch5.5.12
OR
apachetomcatMatch5.5.13
OR
apachetomcatMatch5.5.14
OR
apachetomcatMatch5.5.15
OR
apachetomcatMatch5.5.16
OR
apachetomcatMatch5.5.17
OR
apachetomcatMatch5.5.18
OR
apachetomcatMatch5.5.19
OR
apachetomcatMatch5.5.20
OR
apachetomcatMatch5.5.21
OR
apachetomcatMatch5.5.22
OR
apachetomcatMatch5.5.23
OR
apachetomcatMatch5.5.24
OR
apachetomcatMatch5.5.25
OR
apachetomcatMatch5.5.26
OR
apachetomcatMatch6.0.0
OR
apachetomcatMatch6.0.1
OR
apachetomcatMatch6.0.2
OR
apachetomcatMatch6.0.3
OR
apachetomcatMatch6.0.4
OR
apachetomcatMatch6.0.5
OR
apachetomcatMatch6.0.6
OR
apachetomcatMatch6.0.7
OR
apachetomcatMatch6.0.8
OR
apachetomcatMatch6.0.9
OR
apachetomcatMatch6.0.10
OR
apachetomcatMatch6.0.11
OR
apachetomcatMatch6.0.12
OR
apachetomcatMatch6.0.13
OR
apachetomcatMatch6.0.14
OR
apachetomcatMatch6.0.15
OR
apachetomcatMatch6.0.16

References

Social References

More

Related

cvelist 3
nvd 3
ubuntucve 2
veracode 1
nessus 18
f5 3
osv 4
securityvulns 3
prion 3
github 3
cve 2
openvas 23
vmware 4
tomcat 3
redhat 5
fedora 3
atlassian 2
oraclelinux 1
centos 1
ibm 1
cvelist
cvelist
CVE-2008-2370
2008-08-04 01:00:00
CVE-2018-1316
2009-08-08 00:00:00
CVE-2008-2938
2008-08-13 00:00:00
nvd
nvd
CVE-2008-2370
2008-08-04 01:41:00
CVE-2018-1316
2018-03-05 14:29:00
CVE-2008-2938
2008-08-13 00:41:00
ubuntucve
ubuntucve
CVE-2008-2370
2008-08-04 00:00:00
CVE-2008-2938
2008-08-13 00:00:00
veracode
veracode
Directory Traversal
2018-11-09 07:23:15
nessus
nessus
F5 Networks BIG-IP : Apache Tomcat information disclosure vulnerability (SOL9110)
2014-10-10 00:00:00
RHEL 4 / 5 : jbossweb (RHSA-2008:0877)
2013-01-24 00:00:00
Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities
2010-06-11 00:00:00
f5
f5
SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2008-09-01 00:00:00
K9110 : Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2013-03-25 00:00:00
K67352212 : Apache vulnerabilities CVE-2018-1286, CVE-2018-1294, CVE-2018-1316, CVE-2018-1319, and CVE-2018-1324
2018-09-04 00:00:00
osv
osv
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
CVE-2018-1316
2018-03-05 14:29:00
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
securityvulns
securityvulns
[SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability
2010-04-05 00:00:00
[CVE-2008-2370] Apache Tomcat information disclosure vulnerability
2008-08-01 00:00:00
Apache Tomcat multiple security vulnerabilities
2009-01-28 00:00:00
prion
prion
Directory traversal
2008-08-04 01:41:00
Directory traversal
2018-03-05 14:29:00
Directory traversal
2008-08-13 00:41:00
github
github
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
Apache ODE Path Traversal vulnerability
2022-05-14 03:35:05
cve
cve
CVE-2008-2938
2008-08-13 00:41:00
CVE-2018-1316
2018-03-05 14:29:00
openvas
openvas
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
2008-08-07 00:00:00
Oracle: Security Advisory (ELSA-2008-0648)
2015-10-08 00:00:00
Fedora Update for tomcat5 FEDORA-2008-8113
2009-02-17 00:00:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
2009-11-20 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
Fixed in Apache Tomcat 4.1.39
2008-01-07 00:00:00
redhat
redhat
(RHSA-2008:0877) Important: jbossweb security update
2008-09-22 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
centos
centos
tomcat5 security update
2008-08-28 22:01:41
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.3 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON
Related for CVE-2008-2370
cvelist3nvd3ubuntucve2veracode1nessus18f53osv4securityvulns3prion3github3cve2openvas23vmware4tomcat3redhat5fedora3atlassian2oraclelinux1centos1ibm1