Lucene search

[email protected]CVE-2009-2902

HistoryJan 28, 2010 - 8:30 p.m.

CVE-2009-2902

2010-01-2820:30:01

CWE-22

[email protected]

web.nvd.nist.gov

cve-2009-2902

apache tomcat

directory traversal

vulnerability

nvd

security

apache tomcat 5.5

apache tomcat 6.0

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the …war filename.

Affected configurations

NVD

Node

apachetomcatMatch5.5.0

apachetomcatMatch5.5.1

apachetomcatMatch5.5.2

apachetomcatMatch5.5.3

apachetomcatMatch5.5.4

apachetomcatMatch5.5.5

apachetomcatMatch5.5.6

apachetomcatMatch5.5.7

apachetomcatMatch5.5.8

apachetomcatMatch5.5.9

apachetomcatMatch5.5.10

apachetomcatMatch5.5.11

apachetomcatMatch5.5.12

apachetomcatMatch5.5.13

apachetomcatMatch5.5.14

apachetomcatMatch5.5.15

apachetomcatMatch5.5.16

apachetomcatMatch5.5.17

apachetomcatMatch5.5.18

apachetomcatMatch5.5.19

apachetomcatMatch5.5.20

apachetomcatMatch5.5.21

apachetomcatMatch5.5.22

apachetomcatMatch5.5.23

apachetomcatMatch5.5.24

apachetomcatMatch5.5.25

apachetomcatMatch5.5.26

apachetomcatMatch5.5.27

apachetomcatMatch5.5.28

apachetomcatMatch6.0

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.9

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

CPENameOperatorVersion
apache:tomcatapache tomcateq5.5.0
apache:tomcatapache tomcateq5.5.1
apache:tomcatapache tomcateq5.5.2
apache:tomcatapache tomcateq5.5.3
apache:tomcatapache tomcateq5.5.4
apache:tomcatapache tomcateq5.5.5
apache:tomcatapache tomcateq5.5.6
apache:tomcatapache tomcateq5.5.7
apache:tomcatapache tomcateq5.5.8
apache:tomcatapache tomcateq5.5.9

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	5.5.0
apache:tomcat	apache tomcat	eq	5.5.1
apache:tomcat	apache tomcat	eq	5.5.2
apache:tomcat	apache tomcat	eq	5.5.3
apache:tomcat	apache tomcat	eq	5.5.4
apache:tomcat	apache tomcat	eq	5.5.5
apache:tomcat	apache tomcat	eq	5.5.6
apache:tomcat	apache tomcat	eq	5.5.7
apache:tomcat	apache tomcat	eq	5.5.8
apache:tomcat	apache tomcat	eq	5.5.9

Rows per page:

1-10 of 511

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

marc.info/?l=bugtraq&m=127420533226623&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

secunia.com/advisories/38316

secunia.com/advisories/38346

secunia.com/advisories/38541

secunia.com/advisories/38687

secunia.com/advisories/39317

secunia.com/advisories/40330

secunia.com/advisories/40813

secunia.com/advisories/43310

secunia.com/advisories/57126

securitytracker.com/id?1023504

support.apple.com/kb/HT4077

svn.apache.org/viewvc?rev=892815&view=rev

svn.apache.org/viewvc?rev=902650&view=rev

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

ubuntu.com/usn/usn-899-1

www.debian.org/security/2011/dsa-2207

www.mandriva.com/security/advisories?name=MDVSA-2010:176

www.mandriva.com/security/advisories?name=MDVSA-2010:177

www.redhat.com/support/errata/RHSA-2010-0119.html

www.redhat.com/support/errata/RHSA-2010-0580.html

www.redhat.com/support/errata/RHSA-2010-0582.html

www.securityfocus.com/archive/1/509150/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/37945

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/0213

www.vupen.com/english/advisories/2010/1559

www.vupen.com/english/advisories/2010/1986

exchange.xforce.ibmcloud.com/vulnerabilities/55857

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7092

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for CVE-2009-2902

osv1 veracode1 github1 nvd1 prion1 ubuntucve1 cvelist1 securityvulns5 ubuntu1 nessus25 openvas22 redhat3 tomcat2 oraclelinux1 centos1 debian1 gentoo1 threatpost1