PT-2008-4375 · Apache · Apache Tomcat

Published: 2008-08-13 · Updated: 2023-02-13 · CVE-2008-2938

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 4.1.0 through 4.1.37
Apache Tomcat versions 5.5.0 through 5.5.26
Apache Tomcat versions 6.0.0 through 6.0.16

Description

The issue allows remote attackers to read arbitrary files via encoded directory traversal sequences in the request URI when both the allowLinking context option and UTF-8 URI decoding are enabled.

Recommendations

For versions 4.1.0 through 4.1.37, consider disabling the allowLinking feature to prevent exploitation.
For versions 5.5.0 through 5.5.26, restrict access to sensitive files and directories to minimize the risk of arbitrary file reading.
For versions 6.0.0 through 6.0.16, avoid using UTF-8 encoding in the URI to prevent directory traversal attacks.
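Two checks a defender would want for the conditions described above: an audit of a context.xml fragment for the allowLinking option, and a scan of access-log lines that percent-decodes request paths (including a second decoding layer) and flags any path that resolves to a ".." segment. This is an added example written for this page, not code from Apache Tomcat or from the advisory's authors; the log lines, IP addresses and paths are constructed, and the check covers percent-encoding layers only, not malformed UTF-8 byte sequences.

```python
"""Defensive checks for the Tomcat path-traversal condition described in this advisory.

Added example (not Tomcat or advisory code). Sample data below is constructed.
"""
import re
import urllib.parse
import xml.etree.ElementTree as ET

# Constructed access-log lines in Tomcat's common log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [13/Aug/2008:10:00:01 +0000] "GET /docs/index.html HTTP/1.1" 200 1234
10.0.0.7 - - [13/Aug/2008:10:00:02 +0000] "GET /docs/%2e%2e/%2e%2e/WEB-INF/web.xml HTTP/1.1" 200 812
10.0.0.9 - - [13/Aug/2008:10:00:03 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 300
10.0.0.11 - - [13/Aug/2008:10:00:04 +0000] "GET /docs/%252e%252e/secret.txt?x=1 HTTP/1.1" 404 0
"""

# Matches the quoted request part of a common-log-format line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def normalize_path(raw_target: str, max_rounds: int = 3) -> str:
    """Strip the query string and percent-decode repeatedly so that a request
    encoded twice (e.g. %252e) is still reduced to its final characters.
    Bytes are decoded as UTF-8 leniently; invalid sequences become U+FFFD."""
    path = raw_target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_to_bytes(path).decode("utf-8", errors="replace")
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path: str) -> bool:
    """True only when a whole path segment is '..'; names that merely contain
    dots (release..notes.txt) are not flagged."""
    segments = re.split(r"[\\/]+", path)
    return ".." in segments


def scan_access_log(log_text: str) -> list:
    """Return (client_ip, decoded_path) for every request whose decoded path
    contains a parent-directory segment."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        decoded = normalize_path(match.group("target"))
        if has_traversal(decoded):
            hits.append((client_ip, decoded))
    return hits


def context_allows_linking(context_xml: str) -> bool:
    """Audit a context.xml fragment: True if the Context element sets
    allowLinking="true" (Tomcat's default for this attribute is false)."""
    root = ET.fromstring(context_xml)
    ctx = root if root.tag == "Context" else root.find(".//Context")
    if ctx is None:
        return False
    return ctx.get("allowLinking", "false").strip().lower() == "true"


if __name__ == "__main__":
    for ip, path in scan_access_log(SAMPLE_LOG):
        print(f"traversal segment in request from {ip}: {path}")
    # Constructed context.xml fragments for the audit check.
    print("risky context:", context_allows_linking('<Context path="/docs" allowLinking="true"/>'))
    print("default context:", context_allows_linking('<Context path="/docs"/>'))
```

Run against real Tomcat access logs by reading the file into `scan_access_log`; every flagged line deserves a look regardless of the response status, since a 404 on a decoded `..` path still shows someone probing for the condition the advisory describes.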

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2008-2938
GHSA-M7XJ-CCQC-P4G2
HPSBUX02401
RHSA-2008:0648
RHSA-2008:0862
RHSA-2008:0864
RHSA-2008:0877
RHSA-2008:1007
RHSA-2008_0648

Affected Products

Apache Tomcat
HP-UX
Red Hat