Page History

...

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
IDS01-J	high	probable	medium	P12	L1

Guidelines

CVE-2008-2370

describes a vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16. When a RequestDispatcher is used, Tomcat performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="21dd5fcf480af7ab-e5094395-42eb4a28-9b319a23-31606a1bc89a663bf99c00d9"><ac:plain-text-body><![CDATA[	[[OWASP 2005	AA. Bibliography#OWASP 05]]		]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ac83245ef1ad57f2-cbee2205-48b74afe-b3749daf-9924aaf6dcb39d95ef97d9db"><ac:plain-text-body><![CDATA[	[[OWASP 2007	AA. Bibliography#OWASP 07]]		]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2658a675d50ca4b2-7a06c041-49cb4b37-94f0b2d6-a0bd5b19305c5feda0b6fd87"><ac:plain-text-body><![CDATA[	[[OWASP 2008	AA. Bibliography#OWASP 08]]		]]></ac:plain-text-body></ac:structured-macro>
Testing for XML Injection (OWASP-DV-008)
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="aa32fad0e9589ec4-8f5cf044-4e9e444e-97f990f2-137e2ef93f57a9a031505c06"><ac:plain-text-body><![CDATA[	[[W3C 2008	AA. Bibliography#W3C 08]]	4.4.3 Included If Validating	]]></ac:plain-text-body></ac:structured-macro>

...

Space shortcuts

Page tree

Versions Compared

Old Version 73

New Version 74

Key

Related

Guidelines