Vulnerability CVE-2008-2370 - CERT Civis.Net

Vulnerability Name:

CVE-2008-2370 (CCN-44156)

Assigned:

2008-08-01

Published:

2008-08-01

Updated:

2023-02-13

Summary:

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: BugTraq Mailing List, Fri Aug 01 2008 - 09:06:33 CDT
[CVE-2008-2370] Apache Tomcat information disclosure vulnerability

Source: MITRE
Type: CNA
CVE-2008-2370

Source: CCN
Type: HP Security Bulletin HPSBUX02401 SSRT090005 rev.1
HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Security-announce Mailing List, Mon Feb 23 18:39:14 PST 2009
VMSA-2009-0002 VirtualCenter Update 4 updates Tomcat to 5.5.27

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2008-0648
Important: tomcat security update

Source: CCN
Type: RHSA-2008-0862
Important: tomcat security update

Source: CCN
Type: RHSA-2008-0864
Important: tomcat security update

Source: CCN
Type: RHSA-2008-0877
Important: jbossweb security update

Source: CCN
Type: RHSA-2008-1007
Low: tomcat security update for Red Hat Network Satellite Server

Source: CCN
Type: RHSA-2010-0602
Moderate: Red Hat Certificate System 7.3 security update

Source: CCN
Type: SA31379
Apache Tomcat Multiple Vulnerabilities

Source: CCN
Type: SA31381
Apache Tomcat 6 Multiple Vulnerabilities

Source: CCN
Type: SA32222
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: CCN
Type: SA32266
Avaya AES / MX Apache Tomcat Multiple Vulnerabilities

Source: CCN
Type: SA34013
VMware Multiple Products Tomcat Vulnerabilities

Source: CCN
Type: SA34039
Sun Solaris Tomcat Directory Traversal and Cross-Site Scripting

Source: CCN
Type: SA35393
Fujitsu Interstage Products Information Disclosure Vulnerabilities

Source: CCN
Type: SA36249
Apache ODE Process Deployment Web Service Directory Traversal

Source: CCN
Type: SA37460
VMware Products Update for Multiple Packages

Source: CCN
Type: SA40425
Novell ZENworks Linux Management Tomcat Multiple Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SECTRACK ID: 1020623
Tomcat RequestDispatcher Bug Lets Remote Users Bypass Access Restrictions

Source: CCN
Type: Sun Alert ID: 251986
Security Vulnerabilities in Tomcat 5.5 may Lead to Cross Site Scripting (XSS) or Directory Traversal

Source: CCN
Type: Apple Web site
About Security Update 2008-007

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ASA-2008-390
tomcat security update (RHSA-2008-0864)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ASA-2008-401
tomcat security update (RHSA-2008-0862)

Source: CCN
Type: ASA-2009-061
HPSBUX02401 SSRT090005 rev.2 - HP-UX Running Apache Web Server SuiteRemote Denial of Service (DoS) Cross-site Scripting (XSS) Execution of Arbitrary Code Cross-Site Request Forgery (CSRF)

Source: CCN
Type: ASA-2009-077
Security Vulnerabilities in Tomcat 5.5 may Lead to Cross Site Scripting (XSS) or Directory Traversal (Sun 251986)

Source: CCN
Type: Apache Tomcat Web site
Tomcat 6 Downloads

Source: CCN
Type: Apache Tomcat Security Web site
Apache Tomcat 4.x vulnerabilities, Will not be fixed in Apache Tomcat 4.1.x

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Fujitsu Web site
Interstage Application Server: Information Disclosure Vulnerabilities(CVE-2008-2370/CVE-2008-5515)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Novell Document ID: 7006398
Tomcat 5.0.28 in ZLM 7.3 subject to "Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities"

Source: CCN
Type: OSVDB ID: 56903
Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-30494
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability

Source: secalert@redhat.com
Type: Exploit, Patch
secalert@redhat.com

Source: CCN
Type: BID-31681
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-35263
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
tomcat-requestdispatcher-dir-traversal(44156)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 6858013 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: SUSE
Type: SUSE-SR:2008:018
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2009:004
SUSE Security Summary Report

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:tomcat:4.1.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

OR cpe:/a:redhat:certificate_system:7.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.30:*:*:*:*:*:*:*

AND

cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:x86_64:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

OR cpe:/a:redhat:network_satellite:5.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

OR cpe:/a:redhat:rhel_developer_suite:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_application_server:2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:vmware:esx:3.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_01::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_02::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_13::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_19::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_22::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_39::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_47::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_64::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79b::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_01::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_02::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_13::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_19::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_22::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_39::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_47::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_64::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79b::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::sparc:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_03::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_04::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_05::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_06::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_07::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_08::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_09::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_10::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_11::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_12::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_14::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_15::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_16::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_18::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_20::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_21::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_24::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_25::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_26::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_27::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_28::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_29::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_31::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_32::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_33::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_34::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_35::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_37::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_41::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_43::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_44::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_45::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_48::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_50::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_53::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_54::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_56::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_58::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_59::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_60::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_62::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_65::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_68::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_69::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_72::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_75::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_76::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_78::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_81::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_82::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_84::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_85::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_17::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_23::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_30::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_36::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_38::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_42::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_46::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_49::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_51::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_52::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_55::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_57::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_61::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_63::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_66::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_67::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_70::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_71::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_73::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_74::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_77::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_83::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_03::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_04::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_05::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_06::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_07::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_15::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_08::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_14::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_11::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_17::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_12::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_09::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_16::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_10::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_21::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_20::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_27::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_26::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_25::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_24::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_23::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_18::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_28::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_33::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_34::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_35::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_36::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_32::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_37::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_31::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_30::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_29::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_40::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_41::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_42::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_43::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_44::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_38::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_45::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_46::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_48::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_55::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_54::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_50::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_57::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_49::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_56::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_52::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_51::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_53::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_67::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_66::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_59::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_65::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_58::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_61::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_63::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_60::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_62::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_71::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_68::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_72::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_77::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_70::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_74::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_73::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_76::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_69::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_75::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_78::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_84::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_83::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_85::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_80::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_82::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_81::sparc:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_80::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_40::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::x86:*:*:*:*:*

OR cpe:/a:vmware:server:2.0:*:*:*:*:*:*:*

OR cpe:/a:fujitsu:interstage_apworks:6.0:*:*:*:*:*:*:*

OR cpe:/a:fujitsu:interstage_studio:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:fujitsu:interstage_job_workload_server:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20082370	V	CVE-2008-2370	2022-05-20
oval:org.opensuse.security:def:26227	P	Security update for the Linux Kernel (Important)	2022-01-13
oval:org.opensuse.security:def:31756	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:32290	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:42242	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:31314	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:32232	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:32229	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:26174	P	Security update for openexr (Moderate)	2021-12-01
oval:org.opensuse.security:def:31303	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31302	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:33011	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:26117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:32180	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:31669	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:26103	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:32972	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:32145	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:32124	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:32122	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:36312	P	tomcat6-6.0.41-0.43.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42719	P	tomcat6-6.0.41-0.43.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26065	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:26064	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:32088	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:31612	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:32078	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32268	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:26203	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31732	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:26146	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:35835	P	tomcat6-6.0.18-20.35.36.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42455	P	tomcat6-6.0.18-20.35.40.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36048	P	tomcat6-6.0.18-20.35.40.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26637	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25862	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:31881	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:26329	P	Security update for znc (Low)	2020-12-01
oval:org.opensuse.security:def:25597	P	Security update for squid (Critical)	2020-12-01
oval:org.opensuse.security:def:32444	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27046	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25673	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:31912	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26799	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25397	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26287	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:32554	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31778	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:25670	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:32017	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:33275	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31864	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31526	P	Security update for rsyslog (Moderate)	2020-12-01
oval:org.opensuse.security:def:25962	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26593	P	libnetpbm10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25861	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31824	P	Security update for bash (Low)	2020-12-01
oval:org.opensuse.security:def:26315	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:31520	P	Security update for rpcbind (Moderate)	2020-12-01
oval:org.opensuse.security:def:27310	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25937	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27011	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25609	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25386	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32532	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25882	P	Security update for python-tornado (Moderate)	2020-12-01
oval:org.opensuse.security:def:25589	P	Security update for zabbix (Moderate)	2020-12-01
oval:org.opensuse.security:def:26491	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:33236	P	ppc64-diag on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31790	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:32334	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:31515	P	Security update for quagga (Low)	2020-12-01
oval:org.opensuse.security:def:25811	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26579	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26276	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:32799	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31388	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:32388	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:27275	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25873	P	Security update for libcares2 (Low)	2020-12-01
oval:org.opensuse.security:def:31968	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:26373	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25598	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25385	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:32493	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25801	P	Security update for libvdpau (Moderate)	2020-12-01
oval:org.opensuse.security:def:26834	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25461	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:26438	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:32598	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31779	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26023	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:31514	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:25727	P	Security update for libzypp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32056	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31996	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26540	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31600	P	Security update for tightvnc (Important)	2020-12-01
oval:org.opensuse.security:def:26015	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:32760	P	opie on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:28407	P	RHSA-2008:0648 -- tomcat security update (Important)	2015-08-17
oval:org.mitre.oval:def:21729	P	ELSA-2008:0648: tomcat security update (Important)	2014-05-26
oval:org.mitre.oval:def:10577	V	Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.	2013-04-29
oval:org.mitre.oval:def:5876	V	Security vulnerability in the RequestDispatcher class in Tomcat 5.5 bundled with Solaris 9 and Solaris 10 may lead to Directory Traversal.	2009-04-06
oval:com.redhat.rhsa:def:20080648	P	RHSA-2008:0648: tomcat security update (Important)	2008-08-27