CVE-2008-5515

high

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalize the target path before removing its query string when a RequestDispatcher is obtained from the Request. A remote attacker who controls part of that target (for example a request parameter that the application appends to the dispatcher path) can supply .. (dot dot) sequences inside the query string that are treated as path segments during normalization, which allows bypassing intended access restrictions and directory traversal into the WEB-INF directory.
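The following is an added example, not Tomcat's code or any vendor's, that models the ordering bug in a few lines: a simplified path normalizer, the pre-fix order (normalize the whole target, then split off the query string), the fixed order (split first, then normalize only the path), and the application-side hardening of percent-encoding any untrusted value before appending it to a dispatcher target. The view name `/view.jsp`, the parameter name `file`, and the attacker value `/../WEB-INF/web.xml` are constructed sample inputs.

```python
"""Added example (not Apache Tomcat source): why "normalize, then strip the
query string" lets a '..' hidden in the query string escape into WEB-INF."""
from typing import Optional, Tuple
from urllib.parse import quote


def normalize(path: str) -> Optional[str]:
    """Collapse '.' and '..' segments the way a servlet container does before
    resolving a dispatcher target. Returns None when '..' would climb above
    the web application root. Simplified model, not Tomcat's implementation."""
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None
            segments.pop()
        else:
            segments.append(seg)
    return "/" + "/".join(segments)


def split_query(target: str) -> Tuple[str, str]:
    """Split 'path?query' into (path, query); query is '' when absent."""
    path, _, query = target.partition("?")
    return path, query


def vulnerable_dispatch_target(target: str) -> Optional[Tuple[str, str]]:
    """Pre-fix order: normalize the whole string, then look for '?'.
    A '..' that sits inside the query string is consumed as a path segment,
    so 'view.jsp?file=' is popped and the resolved path lands in WEB-INF."""
    normalized = normalize(target)
    if normalized is None:
        return None
    return split_query(normalized)


def fixed_dispatch_target(target: str) -> Optional[Tuple[str, str]]:
    """Fixed order: remove the query string first, then normalize only the
    path. Dot segments in the query string can no longer affect the path."""
    path, query = split_query(target)
    normalized = normalize(path)
    if normalized is None:
        return None
    return normalized, query


def build_target(view: str, param_name: str, untrusted_value: str) -> str:
    """Application-side hardening (hypothetical helper): percent-encode the
    untrusted value so '/' and '?' from the client cannot form path segments,
    which keeps the forward safe even on an unpatched container."""
    return f"{view}?{param_name}={quote(untrusted_value, safe='')}"


def reaches_web_inf(resolved: Optional[Tuple[str, str]]) -> bool:
    """True when the resolved dispatcher path points under /WEB-INF/."""
    return resolved is not None and resolved[0].upper().startswith("/WEB-INF/")


if __name__ == "__main__":
    attacker_value = "/../WEB-INF/web.xml"          # constructed sample input
    naive = f"/view.jsp?file={attacker_value}"       # value appended unencoded
    print("pre-fix :", vulnerable_dispatch_target(naive))
    print("fixed   :", fixed_dispatch_target(naive))
    print("encoded :", vulnerable_dispatch_target(build_target("/view.jsp", "file", attacker_value)))
```

The point to take away: a RequestDispatcher forward, unlike a direct client request, is permitted to reach resources under WEB-INF (that is how applications forward to JSPs stored there), so once the resolved path has become `/WEB-INF/web.xml` the container serves it. The container fix is the ordering change in `fixed_dispatch_target`; the application-side defence in `build_target` is worth applying regardless, because concatenating unencoded request data into a dispatcher path is the precondition for this bug.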

References

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

http://www.vupen.com/english/advisories/2010/3056

http://www.vupen.com/english/advisories/2009/3316

http://www.vupen.com/english/advisories/2009/1856

http://www.vupen.com/english/advisories/2009/1535

http://www.vupen.com/english/advisories/2009/1520

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.securityfocus.com/bid/35263

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/archive/1/504202/100/0/threaded

http://www.securityfocus.com/archive/1/504170/100/0/threaded

http://www.mandriva.com/security/advisories?name=MDVSA-2010:176

http://www.mandriva.com/security/advisories?name=MDVSA-2009:138

http://www.mandriva.com/security/advisories?name=MDVSA-2009:136

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html

http://www.debian.org/security/2011/dsa-2207

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-4.html

http://support.apple.com/kb/HT4077

http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1

http://secunia.com/advisories/44183

http://secunia.com/advisories/42368

http://secunia.com/advisories/39317

http://secunia.com/advisories/37460

http://secunia.com/advisories/35788

http://secunia.com/advisories/35685

http://secunia.com/advisories/35393

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=129070310906557&w=2

http://marc.info/?l=bugtraq&m=127420533226623&w=2

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://jvn.jp/en/jp/JVN63832775/index.html

Details

Source: Mitre, NVD

Published: 2009-06-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.0

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High