| Field | Value |
|---|---|
| Summary | <=www-servers/tomcat-{6.0.18, 5.5.27-r3} RequestDispatcher directory traversal (CVE-2008-5515) |
| Product | Gentoo Security |
| Reporter | Mike Weissman <mike> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| CC | java |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://tomcat.apache.org/security.html |
| Whiteboard | B3 [glsa] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 272566, 273931, 329937 |
| Bug Blocks | 322979 |
Description
Mike Weissman
2009-06-10 22:12:00 UTC
CVE-2008-5515 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515): Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Will be added to the GLSA request.

tomcat 5.5.x has been removed from the main tree because it is heading to its EOL on 2012-09-30 and it is unmaintained on our side (all the effort goes to the 6.x and 7.x releases). tomcat 5.5.x has been moved to java-overlay for those that still need it.

This CVE is already on an existing GLSA request, so added the bug too.

What is the status of this bug? There has been no affected version in the tree for quite some time.

This issue was resolved and addressed in GLSA 201206-24 at http://security.gentoo.org/glsa/glsa-201206-24.xml by GLSA coordinator Tobias Heinlein (keytoaster).
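The CVE text above says the flaw is an ordering problem: the dispatcher target is normalized before its query string is stripped. The following is an added example written for this page, not code from the bug report or from Tomcat itself; it is a simplified Python model of that path handling, with the two steps in the vulnerable order beside the fixed order. The application pattern it assumes (a servlet building a dispatcher target from `"/page.jsp?param=" + userInput`) and the attacker input are constructed for illustration.

```python
import posixpath

# Simplified model (added here, not Tomcat's code) of the path handling
# described in CVE-2008-5515: a dispatcher target like "/page.jsp?param=..."
# is normalised and split into path and query string. Only the ORDER of the
# two steps differs between the vulnerable and the fixed resolver.

WEB_INF = "WEB-INF"


def normalize(path: str) -> str:
    """Collapse '.' and '..' segments the way a servlet path normaliser does.

    posixpath.normpath drops a leading '..' on an absolute path and never
    decodes percent-escapes, which is all this model needs.
    """
    return posixpath.normpath(path)


def split_query(target: str):
    """Split a dispatcher target into (path, query); query is None if absent."""
    path, sep, query = target.partition("?")
    return path, (query if sep else None)


def resolve_vulnerable(target: str):
    """Buggy ordering: normalise the whole target, then strip the query.

    '?' is not a path separator, so 'page.jsp?param=' is treated as one
    segment, and a '..' that follows it in the query value pops it off.
    """
    return split_query(normalize(target))


def resolve_fixed(target: str):
    """Fixed ordering: strip the query string first, then normalise."""
    path, query = split_query(target)
    return normalize(path), query


def reaches_web_inf(path: str) -> bool:
    """Application-side guard: True if the resolved path enters WEB-INF."""
    return any(seg.upper() == WEB_INF for seg in path.split("/"))


def build_target(user_param: str) -> str:
    """Constructed stand-in for an application that does
    request.getRequestDispatcher("/page.jsp?param=" + userInput)."""
    return "/page.jsp?param=" + user_param


if __name__ == "__main__":
    # Constructed attacker input: the '..' is there to escape the bogus
    # 'page.jsp?param=' segment, not a real directory.
    evil = "/../WEB-INF/web.xml"
    target = build_target(evil)
    print("target     :", target)
    print("vulnerable :", resolve_vulnerable(target))  # ('/WEB-INF/web.xml', None)
    print("fixed      :", resolve_fixed(target))       # ('/page.jsp', 'param=/../WEB-INF/web.xml')
    print("guard trips:", reaches_web_inf(resolve_vulnerable(target)[0]))  # True
```

The point the model makes is that a forward to `/WEB-INF/...` is legitimate for a RequestDispatcher (applications forward to JSPs under WEB-INF all the time), so the container does not refuse it; the damage comes from the application's intended target `/page.jsp` silently becoming `/WEB-INF/web.xml`. Upgrading to the fixed Tomcat restores the strip-then-normalize order; until then an application can at least refuse to dispatch to a target whose resolved path enters WEB-INF, as `reaches_web_inf` does.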