JVN/CVE Demo: Cveinfos

CVE

Id: 32487
CVE No.: CVE-2008-2370
Status: Candidate
Description: Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
Phase: Assigned (20080521)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
351443	32487	CVE-2008-2370	BUGTRAQ:20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability	View
351444	32487	CVE-2008-2370	URL:http://www.securityfocus.com/archive/1/archive/1/495022/100/0/threaded	View
351445	32487	CVE-2008-2370	BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components	View
351446	32487	CVE-2008-2370	URL:http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded	View
351447	32487	CVE-2008-2370	MLIST:[apache-announce] 20090808 [ANNOUNCE] Apache ODE 1.3.3	View
351448	32487	CVE-2008-2370	URL:http://marc.info/?l=apache-announce&m=124972618803216&w=2	View
351449	32487	CVE-2008-2370	MLIST:[ode-user] 20090808 [ANNOUNCE] Apache ODE 1.3.3	View
351450	32487	CVE-2008-2370	URL:http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3Cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3E	View
351451	32487	CVE-2008-2370	CONFIRM:http://tomcat.apache.org/security-4.html	View
351452	32487	CVE-2008-2370	CONFIRM:http://tomcat.apache.org/security-5.html	View
351453	32487	CVE-2008-2370	CONFIRM:http://tomcat.apache.org/security-6.html	View
351454	32487	CVE-2008-2370	CONFIRM:http://support.apple.com/kb/HT3216	View
351455	32487	CVE-2008-2370	CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm	View
351456	32487	CVE-2008-2370	CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0002.html	View
351457	32487	CVE-2008-2370	CONFIRM:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html	View
351458	32487	CVE-2008-2370	CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html	View
351459	32487	CVE-2008-2370	APPLE:APPLE-SA-2008-10-09	View
351460	32487	CVE-2008-2370	URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	View
351461	32487	CVE-2008-2370	FEDORA:FEDORA-2008-8113	View
351462	32487	CVE-2008-2370	URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html	View
351463	32487	CVE-2008-2370	FEDORA:FEDORA-2008-8130	View
351464	32487	CVE-2008-2370	URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html	View
351465	32487	CVE-2008-2370	FEDORA:FEDORA-2008-7977	View
351466	32487	CVE-2008-2370	URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html	View
351467	32487	CVE-2008-2370	HP:HPSBUX02401	View
351468	32487	CVE-2008-2370	URL:http://marc.info/?l=bugtraq&m=123376588623823&w=2	View
351469	32487	CVE-2008-2370	HP:SSRT090005	View
351470	32487	CVE-2008-2370	URL:http://marc.info/?l=bugtraq&m=123376588623823&w=2	View
351471	32487	CVE-2008-2370	HP:HPSBST02955	View
351472	32487	CVE-2008-2370	URL:http://marc.info/?l=bugtraq&m=139344343412337&w=2	View
351473	32487	CVE-2008-2370	MANDRIVA:MDVSA-2008:188	View
351474	32487	CVE-2008-2370	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:188	View
351475	32487	CVE-2008-2370	REDHAT:RHSA-2008:0648	View
351476	32487	CVE-2008-2370	URL:http://www.redhat.com/support/errata/RHSA-2008-0648.html	View
351477	32487	CVE-2008-2370	REDHAT:RHSA-2008:0862	View
351478	32487	CVE-2008-2370	URL:http://www.redhat.com/support/errata/RHSA-2008-0862.html	View
351479	32487	CVE-2008-2370	REDHAT:RHSA-2008:0864	View
351480	32487	CVE-2008-2370	URL:http://www.redhat.com/support/errata/RHSA-2008-0864.html	View
351481	32487	CVE-2008-2370	SUSE:SUSE-SR:2008:018	View
351482	32487	CVE-2008-2370	URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html	View
351483	32487	CVE-2008-2370	SUSE:SUSE-SR:2009:004	View
351484	32487	CVE-2008-2370	URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	View
351485	32487	CVE-2008-2370	BID:30494	View
351486	32487	CVE-2008-2370	URL:http://www.securityfocus.com/bid/30494	View
351487	32487	CVE-2008-2370	BID:31681	View
351488	32487	CVE-2008-2370	URL:http://www.securityfocus.com/bid/31681	View
351489	32487	CVE-2008-2370	OVAL:oval:org.mitre.oval:def:5876	View
351490	32487	CVE-2008-2370	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5876	View
351491	32487	CVE-2008-2370	OVAL:oval:org.mitre.oval:def:10577	View
351492	32487	CVE-2008-2370	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10577	View
351493	32487	CVE-2008-2370	SECUNIA:33999	View
351494	32487	CVE-2008-2370	URL:http://secunia.com/advisories/33999	View
351495	32487	CVE-2008-2370	SECUNIA:34013	View
351496	32487	CVE-2008-2370	URL:http://secunia.com/advisories/34013	View
351497	32487	CVE-2008-2370	SECUNIA:35393	View
351498	32487	CVE-2008-2370	URL:http://secunia.com/advisories/35393	View
351499	32487	CVE-2008-2370	SECUNIA:36249	View
351500	32487	CVE-2008-2370	URL:http://secunia.com/advisories/36249	View
351501	32487	CVE-2008-2370	SECUNIA:37460	View
351502	32487	CVE-2008-2370	URL:http://secunia.com/advisories/37460	View
351503	32487	CVE-2008-2370	SECUNIA:57126	View
351504	32487	CVE-2008-2370	URL:http://secunia.com/advisories/57126	View
351505	32487	CVE-2008-2370	VUPEN:ADV-2008-2305	View
351506	32487	CVE-2008-2370	URL:http://www.vupen.com/english/advisories/2008/2305	View
351507	32487	CVE-2008-2370	VUPEN:ADV-2008-2823	View
351508	32487	CVE-2008-2370	URL:http://www.vupen.com/english/advisories/2008/2823	View
351509	32487	CVE-2008-2370	VUPEN:ADV-2008-2780	View
351510	32487	CVE-2008-2370	URL:http://www.vupen.com/english/advisories/2008/2780	View
351511	32487	CVE-2008-2370	VUPEN:ADV-2009-0320	View
351512	32487	CVE-2008-2370	URL:http://www.vupen.com/english/advisories/2009/0320	View
351513	32487	CVE-2008-2370	SECTRACK:1020623	View
351514	32487	CVE-2008-2370	URL:http://www.securitytracker.com/id?1020623	View
351515	32487	CVE-2008-2370	SECUNIA:31379	View
351516	32487	CVE-2008-2370	URL:http://secunia.com/advisories/31379	View
351517	32487	CVE-2008-2370	SECUNIA:31381	View
351518	32487	CVE-2008-2370	URL:http://secunia.com/advisories/31381	View
351519	32487	CVE-2008-2370	SECUNIA:31639	View
351520	32487	CVE-2008-2370	URL:http://secunia.com/advisories/31639	View
351521	32487	CVE-2008-2370	SECUNIA:31891	View
351522	32487	CVE-2008-2370	URL:http://secunia.com/advisories/31891	View
351523	32487	CVE-2008-2370	SECUNIA:31865	View
351524	32487	CVE-2008-2370	URL:http://secunia.com/advisories/31865	View
351525	32487	CVE-2008-2370	SECUNIA:32222	View
351526	32487	CVE-2008-2370	URL:http://secunia.com/advisories/32222	View
351527	32487	CVE-2008-2370	SECUNIA:31982	View
351528	32487	CVE-2008-2370	URL:http://secunia.com/advisories/31982	View
351529	32487	CVE-2008-2370	SECUNIA:33797	View
351530	32487	CVE-2008-2370	URL:http://secunia.com/advisories/33797	View
351531	32487	CVE-2008-2370	SECUNIA:32120	View
351532	32487	CVE-2008-2370	URL:http://secunia.com/advisories/32120	View
351533	32487	CVE-2008-2370	SECUNIA:32266	View
351534	32487	CVE-2008-2370	URL:http://secunia.com/advisories/32266	View
351535	32487	CVE-2008-2370	SREASON:4099	View
351536	32487	CVE-2008-2370	URL:http://securityreason.com/securityalert/4099	View
351537	32487	CVE-2008-2370	VUPEN:ADV-2009-0503	View
351538	32487	CVE-2008-2370	URL:http://www.vupen.com/english/advisories/2009/0503	View
351539	32487	CVE-2008-2370	VUPEN:ADV-2009-1535	View
351540	32487	CVE-2008-2370	URL:http://www.vupen.com/english/advisories/2009/1535	View
351541	32487	CVE-2008-2370	VUPEN:ADV-2009-2215	View
351542	32487	CVE-2008-2370	URL:http://www.vupen.com/english/advisories/2009/2215	View
351543	32487	CVE-2008-2370	VUPEN:ADV-2009-3316	View
351544	32487	CVE-2008-2370	URL:http://www.vupen.com/english/advisories/2009/3316	View
351545	32487	CVE-2008-2370	XF:tomcat-requestdispatcher-info-disclosure(44156)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
46227	JVNDB-2008-001537	BlueZ の bluez-libs におけるサービス運用妨害 (DoS) の脆弱性	BlueZ の bluez-libs の src/sdp.c には、SDP パケット内の文字列長フィールドの検証に不備があるため、遠隔の SDP サービスによるサービス運用妨害 (DoS) の脆弱性が存在します。	CVE-2008-2374	32487	7.5		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001537.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.42 MB
View render complete	3.00 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.79
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	423.78
Event: Controller.beforeRender	5.54
» Processing toolbar data	5.46
Rendering View	34.23
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	33.08
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.69
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.15
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/32487
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/32487
Remote Port	31663
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.55
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.2.12.50
Http Via	1.1 squid-proxy-5b5d847c96-8pn8c (squid/6.13)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.55
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.55
Unique Id	aN4LDIITZD-hGfFgEnxhpQAAAN0
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.55
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.55
Redirect Unique Id	aN4LDIITZD-hGfFgEnxhpQAAAN0
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.55
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.55
Redirect Redirect Unique Id	aN4LDIITZD-hGfFgEnxhpQAAAN0
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1759382284.7991
Request Time	1759382284

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files