CVE-2009-2902 — Path Traversal in Apache Tomcat

CWE-22 — Path Traversal8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

10.1%

top 6.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedJan 28

Latest updateMay 2

Description

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat51 versions+50

🔴Vulnerability Details

OSV

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat↗2022-05-02

▶

GHSA

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat↗2022-05-02

▶

CVEList

CVE-2009-2902: Directory traversal vulnerability in Apache Tomcat 5↗2010-01-28

▶

📋Vendor Advisories

Ubuntu

Tomcat vulnerabilities↗2010-02-11

▶

Red Hat

tomcat: unexpected file deletion in work directory↗2010-01-24

▶

💬Community

Bugzilla

CVE-2009-2901 CVE-2009-2902 CVE-2009-2693 CVE-2010-1157 tomcat: multiple vulnerabilities [fedora-all]↗2010-04-23

▶

Bugzilla

CVE-2009-2902 tomcat: unexpected file deletion in work directory↗2010-01-28

▶