CVE-2008-5515

NONECVSS 0.0

0.0

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

🔗 References (94)

secalert@redhathttp://jvn.jp/en/jp/JVN63832775/index.html
secalert@redhathttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
secalert@redhathttp://marc.info/?l=bugtraq&m=127420533226623&w=2
secalert@redhathttp://marc.info/?l=bugtraq&m=129070310906557&w=2
secalert@redhathttp://marc.info/?l=bugtraq&m=136485229118404&w=2
secalert@redhathttp://secunia.com/advisories/35393
secalert@redhathttp://secunia.com/advisories/35685
secalert@redhathttp://secunia.com/advisories/35788
secalert@redhathttp://secunia.com/advisories/37460
secalert@redhathttp://secunia.com/advisories/39317
secalert@redhathttp://secunia.com/advisories/42368
secalert@redhathttp://secunia.com/advisories/44183
secalert@redhathttp://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1

Is Your Infrastructure Affected by CVE-2008-5515?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-5515

📅 Published

🔄 Last Modified

🔗 References (94)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-5515?