CVE-2008-2370

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

🔗 References (120)

• secalert@redhathttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
• secalert@redhathttp://marc.info/?l=bugtraq&m=123376588623823&w=2
• secalert@redhathttp://marc.info/?l=bugtraq&m=139344343412337&w=2
• secalert@redhathttp://secunia.com/advisories/31379
• secalert@redhathttp://secunia.com/advisories/31381
• secalert@redhathttp://secunia.com/advisories/31639
• secalert@redhathttp://secunia.com/advisories/31865
• secalert@redhathttp://secunia.com/advisories/31891
• secalert@redhathttp://secunia.com/advisories/31982
• secalert@redhathttp://secunia.com/advisories/32120
• secalert@redhathttp://secunia.com/advisories/32222
• secalert@redhathttp://secunia.com/advisories/32266
• secalert@redhathttp://secunia.com/advisories/33797