CVE-2009-2902
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
EPSS 11.9%
Description
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
How to fix CVE-2009-2902
To remediate CVE-2009-2902, upgrade the affected package to a fixed version below.
- Maven/org.apache.tomcat:tomcat—upgrade to 5.5.29 or later
Is CVE-2009-2902 being exploited?
Moderate — EPSS is 11.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- >= 5.5.0, < 5.5.29