Miggo Logo

CVE-2008-2370: Apache Tomcat Path Traversal Vulnerability

5

CVSS Score

Basic Information

EPSS Score
0.9949%
Published
5/1/2022
Updated
2/9/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.tomcat:tomcatmaven>= 4.1.0, <= 4.1.374.1.38
org.apache.tomcat:tomcatmaven>= 5.5.0, <= 5.5.265.5.27
org.apache.tomcat:tomcatmaven>= 6.0.0, <= 6.0.166.0.18

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability (CVE-2008-2370) stems from Tomcat's RequestDispatcher performing path normalization before removing the query string. This allowed attackers to inject '..' sequences via request parameters to bypass security constraints. The functions responsible for URI parsing and normalization in the ApplicationDispatcher class are directly implicated, as the fix involved reordering these operations (strip query first, then normalize). Commit diffs and Apache's security advisories confirm the affected logic resided in these components.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** Tom**t *.*.* t*rou** *.*.**, *.*.* t*rou** *.*.**, *n* *.*.* t*rou** *.*.**, w**n * `R*qu*st*isp*t***r` is us**, p*r*orms p*t* norm*liz*tion ***or* r*movin* t** qu*ry strin* *rom t** URI, w*i** *llows r*mot* *tt**k*rs to *on*u*t *ir**tory tr*v

Reasoning

T** vuln*r**ility (*V*-****-****) st*ms *rom Tom**t's `R*qu*st*isp*t***r` p*r*ormin* p*t* norm*liz*tion ***or* r*movin* t** qu*ry strin*. T*is *llow** *tt**k*rs to inj**t '..' s*qu*n**s vi* r*qu*st p*r*m*t*rs to *yp*ss s**urity *onstr*ints. T** `*un*