What is CVE-2008-5515?

CVE-2008-5515 is a vulnerability in N/a. Published 2009-06-16.

Is CVE-2008-5515 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-5515

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote att…

EPSS: 0.729 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

tomcat.apache.org/security-4.html (x_refsource_CONFIRM)
HPSBMA02535 (x_refsource_HP, vendor-advisory)
39317 (x_refsource_SECUNIA, third-party-advisory)
MDVSA-2009:138 (vendor-advisory, x_refsource_MANDRIVA)
ADV-2009-1535 (vdb-entry, x_refsource_VUPEN)
FEDORA-2009-11356 (x_refsource_FEDORA, vendor-advisory)
DSA-2207 (vendor-advisory, x_refsource_DEBIAN)
JVN#63832775 (x_refsource_JVN, third-party-advisory)
HPSBUX02860 (x_refsource_HP, vendor-advisory)
37460 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2008-5515?: CVE-2008-5515 is a vulnerability in N/a. Published 2009-06-16.
Is CVE-2008-5515 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.