Vulnerability in N/a
CVE-2008-2370
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct direc…
EPSS: 0.880 (99.5th percentile)
Affected products
- N/a — versions n/a
References
- 30494 (vdb-entry, x_refsource_BID)
- tomcat.apache.org/security-4.html (x_refsource_CONFIRM)
- 20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability (mailing-list, x_refsource_BUGTRAQ)
- oval:org.mitre.oval:def:10577 (x_refsource_OVAL, signature, vdb-entry)
- ADV-2009-1535 (vdb-entry, x_refsource_VUPEN)
- RHSA-2008:0862 (x_refsource_REDHAT, vendor-advisory)
- 34013 (x_refsource_SECUNIA, third-party-advisory)
- ADV-2008-2823 (vdb-entry, x_refsource_VUPEN)
- 37460 (x_refsource_SECUNIA, third-party-advisory)
- www.vmware.com/security/advisories/VMSA-2009-0002.html (x_refsource_CONFIRM)