Oval Definition:oval:org.opensuse.security:def:20082938
Revision Date:2022-05-22Version:1
Title:CVE-2008-2938
Description:

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2008-2938
Mitre CVE-2008-2938
SUSE CVE-2008-2938
SUSE-SR:2008:018
SUSE-SR:2008:018
SUSE-SR:2009:004
SUSE-SR:2009:004
TID7006398
Platform(s):Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
Open Enterprise Server
openSUSE 10.3
openSUSE 11.0
SUSE Linux Enterprise SDK 10 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
Product(s):
Definition Synopsis
  • sles10-sp2-sdk is installed
  • AND Package Information
  • tomcat5-admin-webapps less than 5.0.30-27.30
  • OR tomcat5-webapps less than 5.0.30-27.30
  • OR tomcat5 less than 5.0.30-27.30
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND
  • tomcat6-6.0.18-20.35.40.1 is installed
  • OR tomcat6-admin-webapps-6.0.18-20.35.40.1 is installed
  • OR tomcat6-docs-webapp-6.0.18-20.35.40.1 is installed
  • OR tomcat6-javadoc-6.0.18-20.35.40.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 is installed
  • OR tomcat6-lib-6.0.18-20.35.40.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 is installed
  • OR tomcat6-webapps-6.0.18-20.35.40.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND
  • tomcat6-6.0.41-0.43.1 is installed
  • OR tomcat6-admin-webapps-6.0.41-0.43.1 is installed
  • OR tomcat6-docs-webapp-6.0.41-0.43.1 is installed
  • OR tomcat6-javadoc-6.0.41-0.43.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.41-0.43.1 is installed
  • OR tomcat6-lib-6.0.41-0.43.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.41-0.43.1 is installed
  • OR tomcat6-webapps-6.0.41-0.43.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND Package Information
  • tomcat6-6.0.18-20.35.40 is installed
  • OR tomcat6-admin-webapps-6.0.18-20.35.40 is installed
  • OR tomcat6-docs-webapp-6.0.18-20.35.40 is installed
  • OR tomcat6-javadoc-6.0.18-20.35.40 is installed
  • OR tomcat6-jsp-2_1-api-6.0.18-20.35.40 is installed
  • OR tomcat6-lib-6.0.18-20.35.40 is installed
  • OR tomcat6-servlet-2_5-api-6.0.18-20.35.40 is installed
  • OR tomcat6-webapps-6.0.18-20.35.40 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP2 is installed
  • AND
  • tomcat6-6.0.18-20.35.36.1 is installed
  • OR tomcat6-admin-webapps-6.0.18-20.35.36.1 is installed
  • OR tomcat6-docs-webapp-6.0.18-20.35.36.1 is installed
  • OR tomcat6-javadoc-6.0.18-20.35.36.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 is installed
  • OR tomcat6-lib-6.0.18-20.35.36.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 is installed
  • OR tomcat6-webapps-6.0.18-20.35.36.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND
  • tomcat6-6.0.18-20.35.40.1 is installed
  • OR tomcat6-admin-webapps-6.0.18-20.35.40.1 is installed
  • OR tomcat6-docs-webapp-6.0.18-20.35.40.1 is installed
  • OR tomcat6-javadoc-6.0.18-20.35.40.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 is installed
  • OR tomcat6-lib-6.0.18-20.35.40.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 is installed
  • OR tomcat6-webapps-6.0.18-20.35.40.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND
  • tomcat6-6.0.41-0.43.1 is installed
  • OR tomcat6-admin-webapps-6.0.41-0.43.1 is installed
  • OR tomcat6-docs-webapp-6.0.41-0.43.1 is installed
  • OR tomcat6-javadoc-6.0.41-0.43.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.41-0.43.1 is installed
  • OR tomcat6-lib-6.0.41-0.43.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.41-0.43.1 is installed
  • OR tomcat6-webapps-6.0.41-0.43.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • OR SUSE Linux Enterprise Server 12 SP3 is installed
  • AND tomcat is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND tomcat is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND tomcat is not affected
    • BACK