Vulnerability Database

CVE-2008-2370

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

  • Published: Aug 4, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-2370
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

| Software | From | Fixed in |
|---|---|---|
| apache / tomcat | 4.1.2 | 4.1.2.x |
| apache / tomcat | 4.1.35 | 4.1.35.x |
| apache / tomcat | 4.1.36 | 4.1.36.x |
| apache / tomcat | 5.5.18 | 5.5.18.x |
| apache / tomcat | 4.1.21 | 4.1.21.x |
| apache / tomcat | 6.0.6 | 6.0.6.x |
| apache / tomcat | 6.0.11 | 6.0.11.x |
| apache / tomcat | 5.5.12 | 5.5.12.x |
| apache / tomcat | 5.5.14 | 5.5.14.x |
| apache / tomcat | 4.1.24 | 4.1.24.x |
| apache / tomcat | 5.5.10 | 5.5.10.x |
| apache / tomcat | 5.5.4 | 5.5.4.x |
| apache / tomcat | 5.5.7 | 5.5.7.x |
| apache / tomcat | 5.5.1 | 5.5.1.x |
| apache / tomcat | 6.0.7 | 6.0.7.x |
| apache / tomcat | 5.5.11 | 5.5.11.x |
| apache / tomcat | 4.1.25 | 4.1.25.x |
| apache / tomcat | 6.0.4 | 6.0.4.x |
| apache / tomcat | 5.5.6 | 5.5.6.x |
| apache / tomcat | 5.5.26 | 5.5.26.x |
| apache / tomcat | 4.1.4 | 4.1.4.x |
| apache / tomcat | 5.5.20 | 5.5.20.x |
| apache / tomcat | 5.5.15 | 5.5.15.x |
| apache / tomcat | 5.5.5 | 5.5.5.x |
| apache / tomcat | 4.1.27 | 4.1.27.x |
| apache / tomcat | 6.0.15 | 6.0.15.x |
| apache / tomcat | 4.1.30 | 4.1.30.x |
| apache / tomcat | 4.1.7 | 4.1.7.x |
| apache / tomcat | 4.1.11 | 4.1.11.x |
| apache / tomcat | 5.5.21 | 5.5.21.x |
| apache / tomcat | 4.1.18 | 4.1.18.x |
| apache / tomcat | 5.5.22 | 5.5.22.x |
| apache / tomcat | 4.1.14 | 4.1.14.x |
| apache / tomcat | 6.0.10 | 6.0.10.x |
| apache / tomcat | 6.0.3 | 6.0.3.x |
| apache / tomcat | 4.1.19 | 4.1.19.x |
| apache / tomcat | 6.0.9 | 6.0.9.x |
| apache / tomcat | 4.1.31 | 4.1.31.x |
| apache / tomcat | 5.5.3 | 5.5.3.x |
| apache / tomcat | 4.1.16 | 4.1.16.x |
| apache / tomcat | 4.1.29 | 4.1.29.x |
| apache / tomcat | 4.1.22 | 4.1.22.x |
| apache / tomcat | 4.1.5 | 4.1.5.x |
| apache / tomcat | 4.1.26 | 4.1.26.x |
| apache / tomcat | 4.1.13 | 4.1.13.x |
| apache / tomcat | 4.1.8 | 4.1.8.x |
| apache / tomcat | 5.5.9 | 5.5.9.x |
| apache / tomcat | 5.5.25 | 5.5.25.x |
| apache / tomcat | 6.0.0 | 6.0.0.x |
| apache / tomcat | 4.1.17 | 4.1.17.x |
| apache / tomcat | 6.0.14 | 6.0.14.x |
| apache / tomcat | 5.5.2 | 5.5.2.x |
| apache / tomcat | 4.1.33 | 4.1.33.x |
| apache / tomcat | 5.5.0 | 5.5.0.x |
| apache / tomcat | 4.1.1 | 4.1.1.x |
| apache / tomcat | 5.5.13 | 5.5.13.x |
| apache / tomcat | 6.0.1 | 6.0.1.x |
| apache / tomcat | 6.0.12 | 6.0.12.x |
| apache / tomcat | 5.5.24 | 5.5.24.x |
| apache / tomcat | 4.1.12 | 4.1.12.x |
| apache / tomcat | 4.1.28 | 4.1.28.x |
| apache / tomcat | 4.1.15 | 4.1.15.x |
| apache / tomcat | 4.1.10 | 4.1.10.x |
| apache / tomcat | 5.5.8 | 5.5.8.x |
| apache / tomcat | 5.5.16 | 5.5.16.x |
| apache / tomcat | 4.1.0 | 4.1.0.x |
| apache / tomcat | 6.0.5 | 6.0.5.x |
| apache / tomcat | 4.1.20 | 4.1.20.x |
| apache / tomcat | 5.5.17 | 5.5.17.x |
| apache / tomcat | 4.1.3 | 4.1.3.x |
| apache / tomcat | 5.5.19 | 5.5.19.x |
| apache / tomcat | 4.1.23 | 4.1.23.x |
| apache / tomcat | 4.1.34 | 4.1.34.x |
| apache / tomcat | 4.1.32 | 4.1.32.x |
| apache / tomcat | 4.1.37 | 4.1.37.x |
| apache / tomcat | 6.0.2 | 6.0.2.x |
| apache / tomcat | 6.0.13 | 6.0.13.x |
| apache / tomcat | 5.5.23 | 5.5.23.x |
| apache / tomcat | 4.1.6 | 4.1.6.x |
| apache / tomcat | 6.0.16 | 6.0.16.x |
| apache / tomcat | 6.0.8 | 6.0.8.x |
| apache / tomcat | 4.1.9 | 4.1.9.x |