Information disclosure vulnerability (CVE-2008-2370)
Bug #256922 reported by Thierry Carrez
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| tomcat5.5 (Debian) | Fix Released | Unknown | | |
| tomcat5.5 (Ubuntu) | Fix Released | Medium | Thierry Carrez | |
| Hardy | Fix Released | Medium | Thierry Carrez | |
| tomcat6 (Ubuntu) | Fix Released | Undecided | Thierry Carrez | |
| Hardy | Invalid | Undecided | Unassigned | |
Bug Description
CVE-2008-2370
When using a RequestDispatcher, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could therefore be used to access content that would otherwise be protected by a security constraint or by its location under the WEB-INF directory.
Affects: 6.0.0-6.0.16, 5.5.0-5.5.26
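The ordering mistake described above, shown side by side with the corrected ordering. This is an added illustration in Python, not code from the page or from Tomcat; the target string is constructed for the demonstration and the function names are assumptions.

```python
import posixpath

# Constructed dispatcher target (not from the page): the part after '?' is a
# query string, and the parameter value carries a ".." segment.
CRAFTED_TARGET = "/index.jsp?name=/../WEB-INF/web.xml"


def strip_query(target: str) -> str:
    """Drop everything from the first '?' onwards."""
    return target.split("?", 1)[0]


def normalise(path: str) -> str:
    """Collapse '.' and '..' segments the way a container resolves a path."""
    return posixpath.normpath(path)


def resolve_vulnerable(target: str) -> str:
    # Affected ordering: normalise first, strip the query string afterwards.
    # The ".." inside the parameter value removes the "index.jsp?name=" segment,
    # so the '?' is gone by the time strip_query runs and nothing is stripped.
    return strip_query(normalise(target))


def resolve_fixed(target: str) -> str:
    # Corrected ordering: strip the query string before normalising, so a
    # parameter value can never change which resource is dispatched to.
    return normalise(strip_query(target))


def is_protected(path: str) -> bool:
    """Defence in depth: a dispatch target must never resolve into WEB-INF or META-INF."""
    upper = path.upper()
    return upper.startswith("/WEB-INF/") or upper.startswith("/META-INF/")


if __name__ == "__main__":
    for name, resolve in (("vulnerable", resolve_vulnerable), ("fixed", resolve_fixed)):
        resolved = resolve(CRAFTED_TARGET)
        print(f"{name:10s} -> {resolved!r}  protected={is_protected(resolved)}")
```

A hardened dispatcher applies both fixes: strip before normalising, and still refuse any resolved path that lands under WEB-INF or META-INF.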
Changed in tomcat5.5: status: Unknown → New
Changed in tomcat6: assignee: nobody → tcarrez; status: New → In Progress
Changed in tomcat6: status: New → Invalid
Changed in tomcat5.5: assignee: nobody → tcarrez; importance: Undecided → Medium; status: New → In Progress
Changed in tomcat5.5: status: In Progress → Fix Released
Changed in tomcat5.5: status: New → Fix Committed
Changed in tomcat5.5: status: Fix Committed → Fix Released
This bug was fixed in the package tomcat6 - 6.0.18-0ubuntu1
---------------
tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low

  * New upstream version (LP: #260016)
    - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
    - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
    - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
  * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
  * control: Improve short descriptions for the binary packages
  * copyright: Added link to /usr/share/common-licenses/Apache-2.0
  * control: To pull the right JRE, libtomcat6-java now depends on
    default-jre-headless | java6-runtime-headless

 -- Thierry Carrez <email address hidden>  Fri, 22 Aug 2008 09:15:11 +0200