CVE-2009-2693

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/org.apache.tomcat/tomcat

Identifiers

GHSA-ggx9-4728-588r, CVE-2009-2693

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
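A pre-deployment check for the condition described above, as an added example that is not Tomcat's code or its fix: it lists WAR entries whose resolved path falls outside the directory the archive would be unpacked into. The deploy root /opt/tomcat/webapps/app, the function names and the sample archive are assumptions made for illustration.

```python
import io
import posixpath
import zipfile


def escaping_entries(war_bytes, deploy_root="/opt/tomcat/webapps/app"):
    """Return names of archive entries that would be written outside deploy_root.

    deploy_root is an assumed location, used only to resolve relative names.
    """
    root = posixpath.normpath(deploy_root)
    bad = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for info in war.infolist():
            # Zip entry names use '/', but a Windows extractor also treats
            # '\' as a separator, so normalise it before resolving.
            name = info.filename.replace("\\", "/")
            # join() discards root when name is absolute, so absolute
            # entry names are caught by the same containment test.
            target = posixpath.normpath(posixpath.join(root, name))
            if target != root and not target.startswith(root + "/"):
                bad.append(info.filename)
    return bad


def build_sample_war(entries):
    """Constructed test input: an in-memory archive with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for name in entries:
            war.writestr(zipfile.ZipInfo(name), b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_war([
        "WEB-INF/web.xml",
        "WEB-INF/../index.jsp",      # contains '..' but stays inside the root
        "../../bin/catalina.bat",    # the entry named in the description
    ])
    for entry in escaping_entries(sample):
        print("entry escapes deploy root:", entry)
```

The check resolves each name against the root instead of searching for the string "..", so an entry that uses dot-dot but stays inside the application directory is not reported.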

Affected Versions

All versions starting from 5.5.0 up to 5.5.28, all versions starting from 6.0.0 up to 6.0.20

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-02-09
