CVE-2008-2370
Publication date 4 August 2008
Last updated 24 July 2024
Ubuntu priority
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
Status
Package | Ubuntu Release | Status |
---|---|---|
tomcat5.5 | 8.10 intrepid |
Fixed 5.5.26-3ubuntu1
|
8.04 LTS hardy |
Fixed 5.5.25-5ubuntu1.1
|
|
7.10 gutsy | Ignored end of life, was needed | |
7.04 feisty | Ignored end of life, was needed | |
6.06 LTS dapper | Not in release | |
tomcat6 | 8.10 intrepid |
Not affected
|
8.04 LTS hardy | Not in release | |
7.10 gutsy | Not in release | |
7.04 feisty | Not in release | |
6.06 LTS dapper | Not in release |