Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

CVE Kennung:CVE-2008-5515
Beschreibung:Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
Test Kennungen: 1.3.6.1.4.1.25623.1.0.66330   1.3.6.1.4.1.25623.1.0.66329   1.3.6.1.4.1.25623.1.0.66326   1.3.6.1.4.1.25623.1.0.122466  
Querverweise: Common Vulnerability Exposure (CVE) ID: CVE-2008-5515
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 35263
http://www.securityfocus.com/bid/35263
Bugtraq: 20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504170/100/0/threaded
Bugtraq: 20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504202/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-2207 (Google Search)
http://www.debian.org/security/2011/dsa-2207
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
HPdes Security Advisory: HPSBMA02535
http://marc.info/?l=bugtraq&m=127420533226623&w=2
HPdes Security Advisory: HPSBUX02579
http://marc.info/?l=bugtraq&m=129070310906557&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100029
http://marc.info/?l=bugtraq&m=127420533226623&w=2
HPdes Security Advisory: SSRT100203
http://marc.info/?l=bugtraq&m=129070310906557&w=2
HPdes Security Advisory: SSRT101146
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://jvn.jp/en/jp/JVN63832775/index.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445
http://secunia.com/advisories/35393
http://secunia.com/advisories/35685
http://secunia.com/advisories/35788
http://secunia.com/advisories/37460
http://secunia.com/advisories/39317
http://secunia.com/advisories/42368
http://secunia.com/advisories/44183
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
SuSE Security Announcement: SUSE-SR:2010:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
http://www.vupen.com/english/advisories/2009/1520
http://www.vupen.com/english/advisories/2009/1535
http://www.vupen.com/english/advisories/2009/1856
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2010/3056




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.