Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-5515)

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Remediation

References

Related Vulnerabilities

TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509)

Coppermine Improper Authentication Vulnerability (CVE-2005-3979)

WordPress Plugin FormLift for Infusionsoft Web Forms SQL Injection (7.5.17)

Oracle Database Server CVE-2009-0972 Vulnerability (CVE-2009-0972)

WordPress Plugin Social Sharing Toolkit Cross-Site Scripting (2.6)

Severity

Medium

Classification

CVE-2008-5515 CWE-22

Tags

Missing Update Known Vulnerabilities