Package: tomcat5.5 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for tomcat5.5.
CVE-2008-2938[0]: | Directory traversal vulnerability in Apache Tomcat 4.1.0 through | 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when | allowLinking and UTF-8 are enabled, allows remote attackers to read | arbitrary files via encoded directory traversal sequences in the URI, | a different vulnerability than CVE-2008-2370. NOTE: versions earlier | than 6.0.18 were reported affected, but the vendor advisory lists | 6.0.16 as the last affected version. The upstream advisory can be found here[1]. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://security-tracker.debian.net/tracker/CVE-2008-2938 [1] http://tomcat.apache.org/security-5.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
