CVE-2008-2370
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Apache Tomcat Path Traversal Vulnerability
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.tomcat:tomcat | >=4.1.0,<4.1.38 | 4.1.38 |
| Maven | org.apache.tomcat:tomcat | >=5.5.0,<5.5.27 | 5.5.27 |
| Maven | org.apache.tomcat:tomcat | >=6.0.0,<6.0.18 | 6.0.18 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2008-2370
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
- https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
- https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
- https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
- https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
- https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
- https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999
- https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379
- https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013
- https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
- https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393
- https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249
- https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460
- https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623
- https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494
- https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded
- https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681
- https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
- https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
- https://github.com/apache/tomcat
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Verify integrity in audit chain (admin only). AS-IS.