CVE-2009-2693
Apache Tomcat Directory Traversal vulnerability
EPSS 15.3%
Description
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a `..` (dot dot) in an entry in a WAR file, as demonstrated by a `../../bin/catalina.bat` entry.
How to fix CVE-2009-2693
To remediate CVE-2009-2693, upgrade the affected package to a fixed version below.
- Maven/org.apache.tomcat:tomcat—upgrade to 5.5.29 or later
Is CVE-2009-2693 being exploited?
Moderate — EPSS is 15.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- >= 5.5.0, < 5.5.29