exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2008-2938

Status Candidate

Overview

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.

Related Files

Apache Tomcat UTF-8 Directory Traversal
Posted Jul 28, 2010
Authored by Simon Ryeo, mywisdom

UTF-8 directory traversal /etc/passwd grabbing exploit for Apache Tomcat versions prior to 6.0.18.

tags | exploit, file inclusion
advisories | CVE-2008-2938
SHA-256 | 976e244165fc9beb273d4e21c954c5135843e2b1fb28d129213c11847fd97471
ToutVirtual VirtualIQ Pro XSS / XSRF / Execution
Posted Nov 17, 2009
Authored by Alberto Trivero, Claudio Criscione | Site securenetwork.it

ToutVirtual VirtualIQ Pro version 3.2 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
advisories | CVE-2008-2938, CVE-2006-3835
SHA-256 | be15df3bd0178cb4b549275b0607bdc8ef2f56fa239e3f196ae0efb687ac63ef
HP Security Bulletin 2009-00.5
Posted Feb 4, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, arbitrary, vulnerability, xss, csrf
systems | hpux
advisories | CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SHA-256 | 98b02b39e8efb68d6c260ae6b528aaa0975fbbdee2d8d7324a63f20b0db19b90
Oracle Containers For Java Traversal
Posted Jan 21, 2009
Authored by Sirdarckcat | Site sirdarckcat.net

The Oracle Containers For Java (OC4J) in the Oracle Application Server 10g suffers from a directory traversal vulnerability.

tags | exploit, java, file inclusion
advisories | CVE-2008-2938
SHA-256 | d382fb99ab02805477ef1961d910f2d0495189ba45d6a79eff38e57289168967
Apache Tomcat Information Disclosure
Posted Dec 22, 2008
Authored by Mark Thomas | Site tomcat.apache.org

This vulnerability was originally reported to the Apache Software Foundation as a Tomcat vulnerability. Investigations quickly identified that the root cause was an issue with the UTF-8 charset implementation within the JVM. The issue existed in multiple JVMs including current versions from Sun, HP, IBM, Apple and Apache. It was decided to continue to report this as a Tomcat vulnerability until such time as the JVM vendors had released fixed versions.

tags | advisory, root
systems | apple
advisories | CVE-2008-2938
SHA-256 | e900270f78788247830b00a35c41b325144bc065b616b71c79bd1ef3ec0ed86b
wikid-tomcat.txt
Posted Sep 17, 2008
Site wikidsystems.com

The WiKID Strong Authentication server has released an update for the Tomcat server associated with this software. It updates Tomcat to 5.5.27 to address a large amount of vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286
SHA-256 | a8c41c441cc362473d836e2155189f3679c6855e0acebd1877d9082428c45e77
CVE-2008-2938.txt
Posted Sep 10, 2008
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2008-2938
SHA-256 | 336ae34f18a11aaa4141e2fcd7aeb318b8b924dd30a3de3cafb02c982c3cd061
Mandriva Linux Security Advisory 2008-188
Posted Sep 6, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of vulnerabilities have been discovered in the Apache Tomcat server. The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files. A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers. A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter. A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially-crafted request parameter to access protected web resources. A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, local, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2007-5342, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938
SHA-256 | 671c266b622abcde147cced4d2ade0342dc354b1e14091c9d9d4d069b8cb34a4
tomcat-traverse.txt
Posted Aug 13, 2008
Authored by Simon Ryeo

Apache Tomcat versions prior to 6.0.18 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2008-2938
SHA-256 | a4627d264413d5c228e2b45310a653f9683c2975d1a995ec77da67395ba2d871
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close