OVAL Reference oval:org.opensuse.security:def:20082370

Oval Definition:

oval:org.opensuse.security:def:20082370

Revision Date:	2022-05-20	Version:	1
Title:	CVE-2008-2370
Description:	Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2008-2370 Mitre CVE-2008-2370 SUSE CVE-2008-2370 SUSE-SR:2008:018 SUSE-SR:2008:018 SUSE-SR:2009:004 SUSE-SR:2009:004 TID7006398
Platform(s):	Novell Linux Desktop 9 SDK for x86 Novell Linux Desktop 9 SDK for x86_64 Open Enterprise Server openSUSE 10.3 openSUSE 11.0 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4	Product(s):
Definition Synopsis
sles10-sp2-sdk is installed AND Package Information tomcat5-admin-webapps less than 5.0.30-27.30 OR tomcat5-webapps less than 5.0.30-27.30 OR tomcat5 less than 5.0.30-27.30
Definition Synopsis
Release Information SUSE Linux Enterprise Server 11 SP3 is installed AND tomcat6-6.0.18-20.35.40.1 is installed OR tomcat6-admin-webapps-6.0.18-20.35.40.1 is installed OR tomcat6-docs-webapp-6.0.18-20.35.40.1 is installed OR tomcat6-javadoc-6.0.18-20.35.40.1 is installed OR tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 is installed OR tomcat6-lib-6.0.18-20.35.40.1 is installed OR tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 is installed OR tomcat6-webapps-6.0.18-20.35.40.1 is installed OR Package Information SUSE Linux Enterprise Server 11 SP4 is installed AND tomcat6-6.0.41-0.43.1 is installed OR tomcat6-admin-webapps-6.0.41-0.43.1 is installed OR tomcat6-docs-webapp-6.0.41-0.43.1 is installed OR tomcat6-javadoc-6.0.41-0.43.1 is installed OR tomcat6-jsp-2_1-api-6.0.41-0.43.1 is installed OR tomcat6-lib-6.0.41-0.43.1 is installed OR tomcat6-servlet-2_5-api-6.0.41-0.43.1 is installed OR tomcat6-webapps-6.0.41-0.43.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Server 11 SP2 is installed AND tomcat6-6.0.18-20.35.36.1 is installed OR tomcat6-admin-webapps-6.0.18-20.35.36.1 is installed OR tomcat6-docs-webapp-6.0.18-20.35.36.1 is installed OR tomcat6-javadoc-6.0.18-20.35.36.1 is installed OR tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 is installed OR tomcat6-lib-6.0.18-20.35.36.1 is installed OR tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 is installed OR tomcat6-webapps-6.0.18-20.35.36.1 is installed OR Package Information SUSE Linux Enterprise Server 11 SP3 is installed AND tomcat6-6.0.18-20.35.40.1 is installed OR tomcat6-admin-webapps-6.0.18-20.35.40.1 is installed OR tomcat6-docs-webapp-6.0.18-20.35.40.1 is installed OR tomcat6-javadoc-6.0.18-20.35.40.1 is installed OR tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 is installed OR tomcat6-lib-6.0.18-20.35.40.1 is installed OR tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 is installed OR tomcat6-webapps-6.0.18-20.35.40.1 is installed OR Package Information SUSE Linux Enterprise Server 11 SP4 is installed AND tomcat6-6.0.41-0.43.1 is installed OR tomcat6-admin-webapps-6.0.41-0.43.1 is installed OR tomcat6-docs-webapp-6.0.41-0.43.1 is installed OR tomcat6-javadoc-6.0.41-0.43.1 is installed OR tomcat6-jsp-2_1-api-6.0.41-0.43.1 is installed OR tomcat6-lib-6.0.41-0.43.1 is installed OR tomcat6-servlet-2_5-api-6.0.41-0.43.1 is installed OR tomcat6-webapps-6.0.41-0.43.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP3 is installed AND Package Information tomcat6-6.0.18-20.35.40 is installed OR tomcat6-admin-webapps-6.0.18-20.35.40 is installed OR tomcat6-docs-webapp-6.0.18-20.35.40 is installed OR tomcat6-javadoc-6.0.18-20.35.40 is installed OR tomcat6-jsp-2_1-api-6.0.18-20.35.40 is installed OR tomcat6-lib-6.0.18-20.35.40 is installed OR tomcat6-servlet-2_5-api-6.0.18-20.35.40 is installed OR tomcat6-webapps-6.0.18-20.35.40 is installed

BACK