| Bugzilla: | 559738: CVE-2009-2693 tomcat: unexpected file deletion and/or alteration |
The MITRE CVE dictionary describes this issue as:
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2693
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue has been addressed in JBoss Enterprise Web Server 1.0.1: https://rhn.redhat.com/errata/RHSA-2010-0119.html
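A pre-deployment check for the flaw class in the description above, as an added example that is not Red Hat's or the Tomcat project's code: it lists the entries of a WAR whose names would resolve outside the directory the archive is unpacked into. The function names, the `/webapp` virtual root and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_war_entries(war):
    """Return entry names that would resolve outside the unpack directory.

    `war` is a path or a binary file object (hypothetical helper).
    """
    flagged = []
    with zipfile.ZipFile(war) as zf:
        for info in zf.infolist():
            # Inspect the stored name, i.e. what the archive asks an
            # unpacker to write, with Windows separators normalised.
            name = info.filename.replace("\\", "/")
            # Absolute paths and drive prefixes leave the target outright.
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                flagged.append(info.filename)
                continue
            # Resolve against a virtual root; an entry that climbs above
            # the root is a traversal entry.
            resolved = posixpath.normpath(posixpath.join("/webapp", name))
            if resolved != "/webapp" and not resolved.startswith("/webapp/"):
                flagged.append(info.filename)
    return flagged


def build_sample_war():
    """Constructed in-memory WAR: three contained entries, one escaping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("index.jsp", "hello")
        # Contains '..' but still resolves inside the web application.
        zf.writestr("WEB-INF/lib/../classes/a.txt", "stays inside")
        # The entry name quoted in the CVE description.
        zf.writestr("../../bin/catalina.bat", "constructed placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in unsafe_war_entries(build_sample_war()):
        print("rejecting WAR, entry escapes unpack directory:", entry)
```

The check resolves each name rather than searching for the substring `..`, so an entry that contains `..` but stays inside the application directory is not flagged.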
Red Hat security errata
| Platform | Errata | Release date |
|---|---|---|
| Red Hat Application Server v2 4AS (tomcat5) | RHSA-2010:0582 | August 02, 2010 |
| Red Hat Certificate System 7.3 for 4AS (tomcat5) | RHSA-2010:0693 | September 10, 2010 |
| Red Hat Enterprise Linux version 5 (tomcat5) | RHSA-2010:0580 | August 02, 2010 |
| Red Hat JBoss Web Server 1.0 for RHEL 4 AS | RHSA-2010:0119 | February 23, 2010 |
| Red Hat JBoss Web Server 1.0 for RHEL 5 Server | RHSA-2010:0119 | February 23, 2010 |