Oval Definition:oval:org.opensuse.security:def:20085515
Revision Date:2022-05-20Version:1
Title:CVE-2008-5515
Description:

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2008-5515
Mitre CVE-2008-5515
SUSE CVE-2008-5515
SUSE-SR:2009:012
SUSE-SR:2009:012
SUSE-SR:2010:008
SUSE-SR:2010:008
Platform(s):Open Enterprise Server
openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
openSUSE 11.2
SUSE Linux Enterprise SDK 10 SP2
SUSE Linux Enterprise SDK 10 SP3
SUSE Linux Enterprise SDK 11 GA
SUSE Linux Enterprise Server 10 SP3
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP 10 SP2
SUSE Linux Enterprise Server for SAP 10 SP3
Product(s):
Definition Synopsis
  • Release Information
  • sles10-sp3 is installed
  • OR sles10-sp3-sap is installed
  • OR sles10-sp3-sdk is installed
  • AND
  • tomcat5-admin-webapps less than 5.5.27-0.9.1
  • OR tomcat5-webapps less than 5.5.27-0.9.1
  • OR tomcat5 less than 5.5.27-0.9.1
  • OR Package Information
  • sles10-sp2-sdk is installed
  • AND
  • tomcat5-admin-webapps less than 5.0.30-27.40
  • OR tomcat5-webapps less than 5.0.30-27.40
  • OR tomcat5 less than 5.0.30-27.40
  • OR Package Information
  • sles10-sp2-sap is installed
  • AND
  • tomcat5-admin-webapps less than 5.0.30-27.42
  • OR tomcat5-webapps less than 5.0.30-27.42
  • OR tomcat5 less than 5.0.30-27.42
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP2 is installed
  • AND
  • tomcat6-6.0.18-20.35.36.1 is installed
  • OR tomcat6-admin-webapps-6.0.18-20.35.36.1 is installed
  • OR tomcat6-docs-webapp-6.0.18-20.35.36.1 is installed
  • OR tomcat6-javadoc-6.0.18-20.35.36.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 is installed
  • OR tomcat6-lib-6.0.18-20.35.36.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 is installed
  • OR tomcat6-webapps-6.0.18-20.35.36.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND
  • tomcat6-6.0.18-20.35.40.1 is installed
  • OR tomcat6-admin-webapps-6.0.18-20.35.40.1 is installed
  • OR tomcat6-docs-webapp-6.0.18-20.35.40.1 is installed
  • OR tomcat6-javadoc-6.0.18-20.35.40.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 is installed
  • OR tomcat6-lib-6.0.18-20.35.40.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 is installed
  • OR tomcat6-webapps-6.0.18-20.35.40.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND
  • tomcat6-6.0.41-0.43.1 is installed
  • OR tomcat6-admin-webapps-6.0.41-0.43.1 is installed
  • OR tomcat6-docs-webapp-6.0.41-0.43.1 is installed
  • OR tomcat6-javadoc-6.0.41-0.43.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.41-0.43.1 is installed
  • OR tomcat6-lib-6.0.41-0.43.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.41-0.43.1 is installed
  • OR tomcat6-webapps-6.0.41-0.43.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND
  • tomcat6-6.0.18-20.35.40.1 is installed
  • OR tomcat6-admin-webapps-6.0.18-20.35.40.1 is installed
  • OR tomcat6-docs-webapp-6.0.18-20.35.40.1 is installed
  • OR tomcat6-javadoc-6.0.18-20.35.40.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 is installed
  • OR tomcat6-lib-6.0.18-20.35.40.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 is installed
  • OR tomcat6-webapps-6.0.18-20.35.40.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND
  • tomcat6-6.0.41-0.43.1 is installed
  • OR tomcat6-admin-webapps-6.0.41-0.43.1 is installed
  • OR tomcat6-docs-webapp-6.0.41-0.43.1 is installed
  • OR tomcat6-javadoc-6.0.41-0.43.1 is installed
  • OR tomcat6-jsp-2_1-api-6.0.41-0.43.1 is installed
  • OR tomcat6-lib-6.0.41-0.43.1 is installed
  • OR tomcat6-servlet-2_5-api-6.0.41-0.43.1 is installed
  • OR tomcat6-webapps-6.0.41-0.43.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND Package Information
  • tomcat6-6.0.18-20.35.40 is installed
  • OR tomcat6-admin-webapps-6.0.18-20.35.40 is installed
  • OR tomcat6-docs-webapp-6.0.18-20.35.40 is installed
  • OR tomcat6-javadoc-6.0.18-20.35.40 is installed
  • OR tomcat6-jsp-2_1-api-6.0.18-20.35.40 is installed
  • OR tomcat6-lib-6.0.18-20.35.40 is installed
  • OR tomcat6-servlet-2_5-api-6.0.18-20.35.40 is installed
  • OR tomcat6-webapps-6.0.18-20.35.40 is installed
    • BACK