PublicDateAtUSN: 2009-06-16
Candidate: CVE-2008-5515
PublicDate: 2009-06-16 21:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
 https://ubuntu.com/security/notices/USN-788-1
Description:
 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through
 6.0.18, and possibly earlier versions normalizes the target pathname before
 filtering the query string when using the RequestDispatcher method, which
 allows remote attackers to bypass intended access restrictions and conduct
 directory traversal attacks via .. (dot dot) sequences and the WEB-INF
 directory in a Request.
Ubuntu-Description:
Notes:
 mdeslaur> example PoC: http://seclists.org/bugtraq/2009/Jun/0086.html
Bugs:
Priority: medium
Discovered-by: Iida Minehiko
Assigned-to:
CVSS: 

Patches_tomcat6:
 upstream: http://svn.apache.org/viewvc?view=rev&revision=734734
upstream_tomcat6: released (6.0.20)
dapper_tomcat6: DNE
hardy_tomcat6: DNE
intrepid_tomcat6: released (6.0.18-0ubuntu3.2)
jaunty_tomcat6: released (6.0.18-0ubuntu6.1)
karmic_tomcat6: not-affected (6.0.20-1ubuntu1)
lucid_tomcat6: not-affected (6.0.20-1ubuntu1)
maverick_tomcat6: not-affected (6.0.20-1ubuntu1)
natty_tomcat6: not-affected (6.0.20-1ubuntu1)
oneiric_tomcat6: not-affected (6.0.20-1ubuntu1)
devel_tomcat6: not-affected (6.0.20-1ubuntu1)

Patches_tomcat5:
upstream_tomcat5: needs-triage
dapper_tomcat5: ignored (reached end-of-life)
hardy_tomcat5: DNE
intrepid_tomcat5: DNE
jaunty_tomcat5: DNE
karmic_tomcat5: DNE
lucid_tomcat5: DNE
maverick_tomcat5: DNE
natty_tomcat5: DNE
oneiric_tomcat5: DNE
devel_tomcat5: DNE

Patches_tomcat5.5:
 upstream: http://svn.apache.org/viewvc?view=rev&revision=782757
upstream_tomcat5.5: released (5.5.28)
dapper_tomcat5.5: DNE
hardy_tomcat5.5: ignored (reached end-of-life)
intrepid_tomcat5.5: needed (reached end-of-life)
jaunty_tomcat5.5: ignored (reached end-of-life)
karmic_tomcat5.5: DNE
lucid_tomcat5.5: DNE
maverick_tomcat5.5: DNE
natty_tomcat5.5: DNE
oneiric_tomcat5.5: DNE
devel_tomcat5.5: DNE