Description

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Remediation

References

CVE-2008-2938

Related Vulnerabilities

Apache HTTP Server CVE-2009-1191 Vulnerability (CVE-2009-1191)

MySQL CVE-2021-2012 Vulnerability (CVE-2021-2012)

MySQL CVE-2022-21326 Vulnerability (CVE-2022-21326)

WordPress Plugin WP-StarsRateBox 'j' Parameter SQL Injection (1.1)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-36160)

Severity

Medium

Classification

CVE-2008-2938 CWE-22

Tags

Missing Update Known Vulnerabilities