CVE-2009-2693Path Traversal in Apache Tomcat

CWE-22Path Traversal8 documents7 sources
Severity
5.8MEDIUMNVD
EPSS
15.3%
top 5.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedJan 28
Latest updateMay 2

Description

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDapache/tomcat51 versions+50

Patches

Patch: svn.apache.orgPatch: tomcat.apache.orgPatch: tomcat.apache.org

🔴Vulnerability Details

3
GHSA
Apache Tomcat Directory Traversal vulnerability2022-05-02
OSV
Apache Tomcat Directory Traversal vulnerability2022-05-02
CVEList
CVE-2009-2693: Directory traversal vulnerability in Apache Tomcat 52010-01-28

📋Vendor Advisories

2
Ubuntu
Tomcat vulnerabilities2010-02-11
Red Hat
tomcat: unexpected file deletion and/or alteration2010-01-24

💬Community

2
Bugzilla
CVE-2009-2901 CVE-2009-2902 CVE-2009-2693 CVE-2010-1157 tomcat: multiple vulnerabilities [fedora-all]2010-04-23
Bugzilla
CVE-2009-2693 tomcat: unexpected file deletion and/or alteration2010-01-28
CVE-2009-2693 — Path Traversal in Apache Tomcat | cvebase