CVE-2008-2370
unknown
CVSS v3
N/A
CVSS v4 NEW
N/A
VIR risk
1.0
Description
Apache Tomcat Path Traversal Vulnerability
Predictions
Exploit likelihood
20%
Patch ETA
N/A
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Apache Tomcat 6.0.16 - 'RequestDispatcher' Information Disclosure
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.tomcat:tomcat | >=4.1.0,<4.1.38 | 4.1.38 |
| Maven | org.apache.tomcat:tomcat | >=5.5.0,<5.5.27 | 5.5.27 |
| Maven | org.apache.tomcat:tomcat | >=6.0.0,<6.0.18 | 6.0.18 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2008-2370
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44156
- https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
- https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
- https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
- https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
- https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
- https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999
- https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379
- https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013
- https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
- https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393
- https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249
- https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460
- https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623
- https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494
- https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded
- https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681
- https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
- https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
- https://github.com/apache/tomcat
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E