CVE-2009-2902

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/org.apache.tomcat/tomcat

Identifiers

GHSA-8wch-9gcg-v2pr, CVE-2009-2902

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

Affected Versions

All versions starting from 5.5.0 up to 5.5.28, all versions starting from 6.0.0 up to 6.0.20

Solution

Upgrade to versions 5.5.29, 6.0.24 or above.

Last Modified

2022-06-19
