5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.971 High
EPSS
Percentile
99.8%
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37,
5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8
are enabled, allows remote attackers to read arbitrary files via encoded
directory traversal sequences in the URI, a different vulnerability than
CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected,
but the vendor advisory lists 6.0.16 as the last affected version.