Apache Tomcat Directory Traversal Vulnerability
Publish Date: 21 luglio 2015
Gravità: : Medio
Identificatori CVE: CVE-2008-2938
Data notifica: 21 luglio 2015
Descrizione
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1002691
Trend Micro Deep Security DPI Rule Name: 1002691 - Apache Tomcat Directory Traversal Vulnerability
Software e versione interessati:
- apache tomcat 6.0.0
- apache tomcat 6.0.1
- apache tomcat 6.0.10
- apache tomcat 6.0.11
- apache tomcat 6.0.12
- apache tomcat 6.0.13
- apache tomcat 6.0.14
- apache tomcat 6.0.15
- apache tomcat 6.0.2
- apache tomcat 6.0.3
- apache tomcat 6.0.4
- apache tomcat 6.0.5
- apache tomcat 6.0.6
- apache tomcat 6.0.7
- apache tomcat 6.0.8
- apache tomcat 6.0.9
- apache_software_foundation tomcat 6.0.16