NVD Vulnerability Detail

CVE-2009-2693

Summary	Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Publication Date	Jan. 29, 2010, 5:30 a.m.
Registration Date	Jan. 29, 2021, 1:21 p.m.
Last Update	Nov. 7, 2023, 11:04 a.m.

CVSS2.0 : MEDIUM
Score	5.8
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://svn.apache.org/viewvc?rev=892815&view=rev	CONFIRM	Patch
2	http://securitytracker.com/id?1023505	SECTRACK
3	http://www.vupen.com/english/advisories/2010/0213	VUPEN	Patch Vendor Advisory
4	http://svn.apache.org/viewvc?rev=902650&view=rev	CONFIRM
5	http://secunia.com/advisories/38316	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/38346	SECUNIA	Vendor Advisory
7	http://tomcat.apache.org/security-6.html	CONFIRM	Patch Vendor Advisory
8	http://tomcat.apache.org/security-5.html	CONFIRM	Patch Vendor Advisory
9	http://www.securityfocus.com/bid/37944	BID
10	http://secunia.com/advisories/38541	SECUNIA
11	http://ubuntu.com/usn/usn-899-1	UBUNTU
12	http://secunia.com/advisories/38687	SECUNIA
13	http://www.redhat.com/support/errata/RHSA-2010-0119.html	REDHAT
14	http://support.apple.com/kb/HT4077	CONFIRM
15	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	APPLE
16	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html	SUSE
17	http://secunia.com/advisories/39317	SECUNIA
18	http://secunia.com/advisories/40330	SECUNIA
19	http://www.vupen.com/english/advisories/2010/1559	VUPEN
20	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113	HP
21	http://secunia.com/advisories/40813	SECUNIA
22	http://www.redhat.com/support/errata/RHSA-2010-0580.html	REDHAT
23	http://www.vupen.com/english/advisories/2010/1986	VUPEN
24	http://www.redhat.com/support/errata/RHSA-2010-0582.html	REDHAT
25	http://www.mandriva.com/security/advisories?name=MDVSA-2010:176	MANDRIVA
26	http://www.mandriva.com/security/advisories?name=MDVSA-2010:177	MANDRIVA
27	http://secunia.com/advisories/43310	SECUNIA
28	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	CONFIRM
29	http://www.vmware.com/security/advisories/VMSA-2011-0003.html	CONFIRM
30	http://www.debian.org/security/2011/dsa-2207	DEBIAN
31	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html	SUSE
32	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html	SUSE
33	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html	SUSE
34	http://marc.info/?l=bugtraq&m=136485229118404&w=2	HP
35	http://marc.info/?l=bugtraq&m=139344343412337&w=2	HP
36	http://secunia.com/advisories/57126	SECUNIA
37	http://marc.info/?l=bugtraq&m=133469267822771&w=2	HP
38	http://marc.info/?l=bugtraq&m=127420533226623&w=2	HP
39	https://exchange.xforce.ibmcloud.com/vulnerabilities/55855	XF
40	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017	OVAL
41	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355	OVAL
42	http://www.securityfocus.com/archive/1/516397/100/0/threaded	BUGTRAQ
43	http://www.securityfocus.com/archive/1/509148/100/0/threaded	BUGTRAQ
44	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
45	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
46	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
47	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

JVN Vulnerability Information

Apache Tomcat におけるディレクトリトラバーサルの脆弱性

Title	Apache Tomcat におけるディレクトリトラバーサルの脆弱性
Summary	Apache Tomcat には、任意のファイルを作成される、または上書きされる脆弱性が存在します。
Possible impacts	第三者により、WAR ファイルのエントリの .. (ドットドット)を介して、任意のファイルを作成される、または上書きされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 28, 2010, midnight
Registration Date	Feb. 23, 2010, 11:57 a.m.
Last Update	March 23, 2015, 5:39 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

RHEL Desktop Workstation 5 (client)

ヒューレット・パッカード

HP XP P9000 Performance Advisor ソフトウェア 5.4.1 およびそれ以前

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

HP-UX Tomcat-based Servlet Engine 5.5.30.01 未満

Apache Software Foundation

Apache Tomcat 5.5.0 から 5.5.28

Apache Tomcat 6.0.0 から 6.0.20

オラクル

OpenSolaris

Oracle Solaris 10

Oracle Solaris 9

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

アップル

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6 から v10.6.2

日本電気

WebOTX Developer V7. から V8.1x

WebOTX Enterprise Edition V4. から V6.x

WebOTX Enterprise Service Bus Ver6.4 から V7.x

WebOTX SIP Application Server V7.x から V8.1x

WebOTX Standard Edition V4.x から V6.x

WebOTX Standard-J Edition V4.x から V6.x

WebOTX UDDI Registry V1.1 から V7.1

WebOTX Web Edition V4.x から V6.x

WebOTX 開発環境 V6.1 から V6.5

WebOTX Application Server Enterprise Edition V7.x から V8.1x

WebOTX Application Server Enterprise V8.2

WebOTX Application Server Express V8.2

WebOTX Application Server Foundation V8.2

WebOTX Application Server Standard Edition V7.x から V8.1x

WebOTX Application Server Standard V8.2

WebOTX Application Server Standard-J Edition V7.x から V8.1x

WebOTX Application Server Web Edition V7.x から V8.1x

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

VMware vCenter 4.0

VMware vCenter 4.1

VMware VirtualCenter 2.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-2693	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693
National Vulnerability Database (NVD)
2	CVE-2009-2693	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2693

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
Apache Software Foundation
1	security-5	http://tomcat.apache.org/security-5.html
2	security-6	http://tomcat.apache.org/security-6.html
Apache-SVN
3	892815	http://svn.apache.org/viewvc?rev=892815&view=rev
4	902650	http://svn.apache.org/viewvc?rev=902650&view=rev
Apple Mailing Lists
5	APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3	http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html
Apple Security Updates
6	HT4077	http://support.apple.com/kb/HT4077
Apple セキュリティアップデート
7	HT4077	http://support.apple.com/kb/HT4077?viewlocale=ja_JP
Asianux Technical Support Network
8	tomcat5-5.5.23-0jpp.9.0.1.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1222
Hewlett Packard
9	HPUXWSATW313	https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313
HP Security Bulletin
10	HPSBST02955 SSRT101157	http://h20000.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04047415
11	HPSBUX02541 SSRT100145	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02241113
12	HPSBUX02860 SSRT101146	http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03716627&lang=en&cc=us
NEC製品セキュリティ情報
13	NV11-001	http://www.nec.co.jp/security-info/secinfo/nv11-001.html
Red Hat Security Advisory
14	RHSA-2010:0119	http://rhn.redhat.com/errata/RHSA-2010-0119.html
15	RHSA-2010:0580	https://rhn.redhat.com/errata/RHSA-2010-0580.html
16	RHSA-2010:0582	http://rhn.redhat.com/errata/RHSA-2010-0582.html
Release Notes
17	VMware vCenter Server 4.1 Update 1 Release Notes	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
SECURITY BLOG
18	Multiple Vulnerabilities in Apache Tomcat	https://blogs.oracle.com/sunsecurity/entry/cve_2009_2902_cve_2009
19	Multiple vulnerabilities in Oracle Java Web Console	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1
VMware Security Advisories
20	VMSA-2011-0003	http://www.vmware.com/security/advisories/VMSA-2011-0003.html

その他

No	Name	URL
ISS X-Force Database
1	55855	http://xforce.iss.net/xforce/xfdb/55855
Secunia Advisory
2	SA38316	http://secunia.com/advisories/38316/
3	SA38346	http://secunia.com/advisories/38346/
4	SA40330	http://secunia.com/advisories/40330
5	SA40813	http://secunia.com/advisories/40813
6	SA43310	http://secunia.com/advisories/43310
SecurityFocus
7	37944	http://www.securityfocus.com/bid/37944
SecurityTracker
8	1023505	http://securitytracker.com/id?1023505
VUPEN Security
9	VUPEN/ADV-2010-0213	http://www.vupen.com/english/advisories/2010/0213
10	VUPEN/ADV-2010-1559	http://www.vupen.com/english/advisories/2010/1559
11	VUPEN/ADV-2010-1986	http://www.vupen.com/english/advisories/2010/1986

Change Log

No	Changed Details	Date of change
0	20[2010年02月23日] 掲載 [2010年04月26日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：アップル (HT4077) を追加 [2010年07月07日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード (HPSBUX02541) を追加 [2010年08月18日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新影響を受けるシステム：レッドハット (RHSA-2010:0580) の情報を追加ベンダ情報：ミラクル・リナックス (tomcat5-5.5.23-0jpp.9.0.1.AXS3) を追加ベンダ情報：レッドハット (RHSA-2010:0580) を追加 [2010年10月28日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Multiple Vulnerabilities in Apache Tomcat) を追加 [2010年12月15日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード (HPUXWSATW313) を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02612 SSRT100345) を追加 [2011年02月28日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：VMware (VMSA-2011-0003) を追加 [2011年05月10日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日本電気 (NV11-001) を追加 [2012年09月28日] ベンダ情報：オラクル (Multiple vulnerabilities in Oracle Java Web Console) を追加 [2015年03月23日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：VMware (VMware vCenter Server 4.1 Update 1 Release Notes) を追加ベンダ情報：アップル (APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3) を追加ベンダ情報：レッドハット (RHSA-2010:0582) を追加ベンダ情報：レッドハット (RHSA-2010:0119) を追加ベンダ情報：ヒューレット・パッカード (HPSBST02955 SSRT101157) を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02541 SSRT100145) を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02860 SSRT101146) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*