CVE-2008-2370

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/bid/30494	Exploit Patch
http://www.securitytracker.com/id?1020623
http://secunia.com/advisories/31639
http://secunia.com/advisories/31379
http://secunia.com/advisories/31381
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
http://secunia.com/advisories/31891
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
http://secunia.com/advisories/31865
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://www.securityfocus.com/bid/31681
http://support.apple.com/kb/HT3216
http://secunia.com/advisories/32222
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://securityreason.com/securityalert/4099
http://secunia.com/advisories/31982
http://marc.info/?l=bugtraq&m=123376588623823&w=2
http://secunia.com/advisories/33797
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/32120
http://secunia.com/advisories/32266
http://www.vmware.com/security/advisories/VMSA-2009-0002.html
http://www.vupen.com/english/advisories/2009/0503
http://secunia.com/advisories/33999
http://secunia.com/advisories/34013
http://secunia.com/advisories/35393
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
http://www.vupen.com/english/advisories/2009/1535
http://www.vupen.com/english/advisories/2009/2215
http://secunia.com/advisories/36249
http://secunia.com/advisories/37460
http://www.vupen.com/english/advisories/2009/3316
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2008/2305
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/495022/100/0/threaded
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat:4.1.2:::::::*
	cpe:2.3:a:apache:tomcat:4.1.35:::::::*
	cpe:2.3:a:apache:tomcat:4.1.36:::::::*
	cpe:2.3:a:apache:tomcat:5.5.18:::::::*
	cpe:2.3:a:apache:tomcat:4.1.21:::::::*
	cpe:2.3:a:apache:tomcat:6.0.6:::::::*
	cpe:2.3:a:apache:tomcat:6.0.11:::::::*
	cpe:2.3:a:apache:tomcat:5.5.12:::::::*
	cpe:2.3:a:apache:tomcat:5.5.14:::::::*
	cpe:2.3:a:apache:tomcat:4.1.24:::::::*
	cpe:2.3:a:apache:tomcat:5.5.10:::::::*
	cpe:2.3:a:apache:tomcat:5.5.4:::::::*
	cpe:2.3:a:apache:tomcat:5.5.7:::::::*
	cpe:2.3:a:apache:tomcat:5.5.1:::::::*
	cpe:2.3:a:apache:tomcat:6.0.7:::::::*
	cpe:2.3:a:apache:tomcat:5.5.11:::::::*
	cpe:2.3:a:apache:tomcat:4.1.25:::::::*
	cpe:2.3:a:apache:tomcat:6.0.4:::::::*
	cpe:2.3:a:apache:tomcat:5.5.6:::::::*
	cpe:2.3:a:apache:tomcat:5.5.26:::::::*
	cpe:2.3:a:apache:tomcat:4.1.4:::::::*
	cpe:2.3:a:apache:tomcat:5.5.20:::::::*
	cpe:2.3:a:apache:tomcat:5.5.15:::::::*
	cpe:2.3:a:apache:tomcat:5.5.5:::::::*
	cpe:2.3:a:apache:tomcat:4.1.27:::::::*
	cpe:2.3:a:apache:tomcat:6.0.15:::::::*
	cpe:2.3:a:apache:tomcat:4.1.30:::::::*
	cpe:2.3:a:apache:tomcat:4.1.7:::::::*
	cpe:2.3:a:apache:tomcat:4.1.11:::::::*
	cpe:2.3:a:apache:tomcat:5.5.21:::::::*
	cpe:2.3:a:apache:tomcat:4.1.18:::::::*
	cpe:2.3:a:apache:tomcat:5.5.22:::::::*
	cpe:2.3:a:apache:tomcat:4.1.14:::::::*
	cpe:2.3:a:apache:tomcat:6.0.10:::::::*
	cpe:2.3:a:apache:tomcat:6.0.3:::::::*
	cpe:2.3:a:apache:tomcat:4.1.19:::::::*
	cpe:2.3:a:apache:tomcat:6.0.9:::::::*
	cpe:2.3:a:apache:tomcat:4.1.31:::::::*
	cpe:2.3:a:apache:tomcat:5.5.3:::::::*
	cpe:2.3:a:apache:tomcat:4.1.16:::::::*
	cpe:2.3:a:apache:tomcat:4.1.29:::::::*
	cpe:2.3:a:apache:tomcat:4.1.22:::::::*
	cpe:2.3:a:apache:tomcat:4.1.5:::::::*
	cpe:2.3:a:apache:tomcat:4.1.26:::::::*
	cpe:2.3:a:apache:tomcat:4.1.13:::::::*
	cpe:2.3:a:apache:tomcat:4.1.8:::::::*
	cpe:2.3:a:apache:tomcat:5.5.9:::::::*
	cpe:2.3:a:apache:tomcat:5.5.25:::::::*
	cpe:2.3:a:apache:tomcat:6.0.0:::::::*
	cpe:2.3:a:apache:tomcat:4.1.17:::::::*
	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
	cpe:2.3:a:apache:tomcat:5.5.2:::::::*
	cpe:2.3:a:apache:tomcat:4.1.33:::::::*
	cpe:2.3:a:apache:tomcat:5.5.0:::::::*
	cpe:2.3:a:apache:tomcat:4.1.1:::::::*
	cpe:2.3:a:apache:tomcat:5.5.13:::::::*
	cpe:2.3:a:apache:tomcat:6.0.1:::::::*
	cpe:2.3:a:apache:tomcat:6.0.12:::::::*
	cpe:2.3:a:apache:tomcat:5.5.24:::::::*
	cpe:2.3:a:apache:tomcat:4.1.12:::::::*
	cpe:2.3:a:apache:tomcat:4.1.28:::::::*
	cpe:2.3:a:apache:tomcat:4.1.15:::::::*
	cpe:2.3:a:apache:tomcat:4.1.10:::::::*
	cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:4.1.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:4.1.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.34:::::::*
cpe:2.3:a:apache:tomcat:4.1.32:::::::*
cpe:2.3:a:apache:tomcat:4.1.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:4.1.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:::::::*

Information

Published : 2008-08-03 18:41

Updated : 2023-02-12 18:19

NVD link : CVE-2008-2370

Mitre link : CVE-2008-2370

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

apache

tomcat

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tomcat.apache.org/security-4.html", "name": "http://tomcat.apache.org/security-4.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://tomcat.apache.org/security-5.html", "name": "http://tomcat.apache.org/security-5.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://tomcat.apache.org/security-6.html", "name": "http://tomcat.apache.org/security-6.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/30494", "name": "30494", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1020623", "name": "1020623", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/31639", "name": "31639", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31379", "name": "31379", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31381", "name": "31381", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html", "name": "RHSA-2008:0648", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", "name": "MDVSA-2008:188", "tags": [], "refsource": "MANDRIVA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", "name": "FEDORA-2008-8130", "tags": [], "refsource": "FEDORA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", "name": "SUSE-SR:2008:018", "tags": [], "refsource": "SUSE"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", "name": "FEDORA-2008-8113", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/31891", "name": "31891", "tags": [], "refsource": "SECUNIA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", "name": "FEDORA-2008-7977", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/31865", "name": "31865", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html", "name": "RHSA-2008:0862", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html", "name": "RHSA-2008:0864", "tags": [], "refsource": "REDHAT"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", "name": "APPLE-SA-2008-10-09", "tags": [], "refsource": "APPLE"}, {"url": "http://www.securityfocus.com/bid/31681", "name": "31681", "tags": [], "refsource": "BID"}, {"url": "http://support.apple.com/kb/HT3216", "name": "http://support.apple.com/kb/HT3216", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/32222", "name": "32222", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://securityreason.com/securityalert/4099", "name": "4099", "tags": [], "refsource": "SREASON"}, {"url": "http://secunia.com/advisories/31982", "name": "31982", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2", "name": "HPSBUX02401", "tags": [], "refsource": "HP"}, {"url": "http://secunia.com/advisories/33797", "name": "33797", "tags": [], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "name": "SUSE-SR:2009:004", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/32120", "name": "32120", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/32266", "name": "32266", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", "name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/0503", "name": "ADV-2009-0503", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/33999", "name": "33999", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/34013", "name": "34013", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/35393", "name": "35393", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html", "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/1535", "name": "ADV-2009-1535", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2009/2215", "name": "ADV-2009-2215", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/36249", "name": "36249", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/37460", "name": "37460", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2009/3316", "name": "ADV-2009-3316", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2008/2780", "name": "ADV-2008-2780", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2009/0320", "name": "ADV-2009-0320", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/2823", "name": "ADV-2008-2823", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/2305", "name": "ADV-2008-2305", "tags": [], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2", "name": "HPSBST02955", "tags": [], "refsource": "HP"}, {"url": "http://secunia.com/advisories/57126", "name": "57126", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156", "name": "tomcat-requestdispatcher-info-disclosure(44156)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876", "name": "oval:org.mitre.oval:def:5876", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577", "name": "oval:org.mitre.oval:def:10577", "tags": [], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded", "name": "20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-2370", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-08-04T01:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T02:19Z"}

5.0 /10