Vulnerability details: VCID-2a4u-vpgj-aaaa
Vulnerability ID VCID-2a4u-vpgj-aaaa
Aliases CVE-2008-2938
GHSA-m7xj-ccqc-p4g2
Summary CVE-2008-2938 tomcat Unicode directory traversal vulnerability
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
cvssv3.1 5.3 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=123376588623823&w=2
rhas Important https://access.redhat.com/errata/RHSA-2008:0648
rhas Important https://access.redhat.com/errata/RHSA-2008:0862
rhas Important https://access.redhat.com/errata/RHSA-2008:0864
rhas Important https://access.redhat.com/errata/RHSA-2008:0877
rhas Low https://access.redhat.com/errata/RHSA-2008:1007
epss 0.92931 https://api.first.org/data/v1/epss?cve=CVE-2008-2938
epss 0.93218 https://api.first.org/data/v1/epss?cve=CVE-2008-2938
epss 0.96276 https://api.first.org/data/v1/epss?cve=CVE-2008-2938
epss 0.96742 https://api.first.org/data/v1/epss?cve=CVE-2008-2938
epss 0.96769 https://api.first.org/data/v1/epss?cve=CVE-2008-2938
epss 0.96787 https://api.first.org/data/v1/epss?cve=CVE-2008-2938
epss 0.96796 https://api.first.org/data/v1/epss?cve=CVE-2008-2938
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=456120
generic_textual MODERATE http://secunia.com/advisories/31639
generic_textual MODERATE http://secunia.com/advisories/31865
generic_textual MODERATE http://secunia.com/advisories/31891
generic_textual MODERATE http://secunia.com/advisories/31982
generic_textual MODERATE http://secunia.com/advisories/32120
generic_textual MODERATE http://secunia.com/advisories/32222
generic_textual MODERATE http://secunia.com/advisories/32266
generic_textual MODERATE http://secunia.com/advisories/33797
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-m7xj-ccqc-p4g2
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/c55ad56ed72ee1dbfe790bc5492d4df74e3e754f
cvssv3.1 4.2 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
cvssv3.1 4.2 https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-2938
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587
generic_textual MODERATE http://support.apple.com/kb/HT3216
generic_textual MODERATE http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
generic_textual MODERATE https://web.archive.org/web/20080827130946/http://securityreason.com/securityalert/4148
generic_textual MODERATE https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639
generic_textual MODERATE https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891
generic_textual MODERATE https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
generic_textual MODERATE https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
generic_textual MODERATE https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
generic_textual MODERATE https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
generic_textual MODERATE https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
generic_textual MODERATE https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
generic_textual MODERATE https://web.archive.org/web/20100516085845/http://secunia.com/advisories/37297
generic_textual MODERATE https://web.archive.org/web/20110711210039/http://rhn.redhat.com/errata/RHSA-2008-0862.html
generic_textual MODERATE https://web.archive.org/web/20110713233239/http://rhn.redhat.com/errata/RHSA-2008-0648.html
generic_textual MODERATE https://web.archive.org/web/20110713234158/http://rhn.redhat.com/errata/RHSA-2008-0864.html
generic_textual MODERATE https://web.archive.org/web/20140628064423/http://www.securityfocus.com/archive/1/495318/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20140628064448/http://www.securityfocus.com/archive/1/507729/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20140826163457/http://www.securityfocus.com/bid/30633
generic_textual MODERATE https://web.archive.org/web/20140826171227/http://www.securitytracker.com/id?1020665
generic_textual MODERATE https://web.archive.org/web/20140826232500/http://www.securityfocus.com/bid/31681
generic_textual MODERATE https://web.archive.org/web/20140827130327/http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
generic_textual MODERATE https://web.archive.org/web/20200612070417/http://marc.info/?l=bugtraq&m=123376588623823&w=2
generic_textual MODERATE https://www.exploit-db.com/exploits/6229
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
cvssv3.1 4.2 http://tomcat.apache.org/security-4.html
generic_textual MODERATE http://tomcat.apache.org/security-4.html
cvssv3.1 4.2 http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-5.html
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://www.kb.cert.org/vuls/id/343355
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0648.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0862.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0864.html
generic_textual MODERATE http://www.securityfocus.com/bid/31681
generic_textual MODERATE http://www.vupen.com/english/advisories/2008/2780
generic_textual MODERATE http://www.vupen.com/english/advisories/2008/2823
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/0320
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=123376588623823&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2938.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2938
http://secunia.com/advisories/31639
http://secunia.com/advisories/31865
http://secunia.com/advisories/31891
http://secunia.com/advisories/31982
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/33797
http://secunia.com/advisories/37297
http://securityreason.com/securityalert/4148
https://exchange.xforce.ibmcloud.com/vulnerabilities/44411
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/150bc791ac3ba40081425dd1c37a053fbb02b339
https://github.com/apache/tomcat/commit/c55ad56ed72ee1dbfe790bc5492d4df74e3e754f
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10587
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
https://web.archive.org/web/20080827130946/http://securityreason.com/securityalert/4148
https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639
https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891
https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120
https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982
https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266
https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222
https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797
https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865
https://web.archive.org/web/20100516085845/http://secunia.com/advisories/37297
https://web.archive.org/web/20110711210039/http://rhn.redhat.com/errata/RHSA-2008-0862.html
https://web.archive.org/web/20110713233239/http://rhn.redhat.com/errata/RHSA-2008-0648.html
https://web.archive.org/web/20110713234158/http://rhn.redhat.com/errata/RHSA-2008-0864.html
https://web.archive.org/web/20140628064423/http://www.securityfocus.com/archive/1/495318/100/0/threaded
https://web.archive.org/web/20140628064448/http://www.securityfocus.com/archive/1/507729/100/0/threaded
https://web.archive.org/web/20140826163457/http://www.securityfocus.com/bid/30633
https://web.archive.org/web/20140826171227/http://www.securitytracker.com/id?1020665
https://web.archive.org/web/20140826232500/http://www.securityfocus.com/bid/31681
https://web.archive.org/web/20140827130327/http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
https://web.archive.org/web/20200612070417/http://marc.info/?l=bugtraq&m=123376588623823&w=2
https://www.exploit-db.com/exploits/6229
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.kb.cert.org/vuls/id/343355
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
http://www.securityfocus.com/archive/1/495318/100/0/threaded
http://www.securityfocus.com/archive/1/507729/100/0/threaded
http://www.securityfocus.com/bid/30633
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1020665
http://www.vupen.com/english/advisories/2008/2343
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/0320
456120 https://bugzilla.redhat.com/show_bug.cgi?id=456120
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
CVE-2008-2938 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/14489.c
CVE-2008-2938 https://nvd.nist.gov/vuln/detail/CVE-2008-2938
GHSA-m7xj-ccqc-p4g2 https://github.com/advisories/GHSA-m7xj-ccqc-p4g2
OSVDB-47464;CVE-2008-2938 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/6229.txt
RHSA-2008:0648 https://access.redhat.com/errata/RHSA-2008:0648
RHSA-2008:0862 https://access.redhat.com/errata/RHSA-2008:0862
RHSA-2008:0864 https://access.redhat.com/errata/RHSA-2008:0864
RHSA-2008:0877 https://access.redhat.com/errata/RHSA-2008:0877
RHSA-2008:1007 https://access.redhat.com/errata/RHSA-2008:1007
Data source Exploit-DB
Date added July 28, 2010
Description Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal
Ransomware campaign use Known
Source publication date July 28, 2010
Exploit type remote
Platform unix
Source update date March 30, 2017
Data source Metasploit
Description This module tests whether a directory traversal vulnerability is present in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build <= 1294. The vulnerability appears to be actually caused by the Tomcat UTF-8 bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938. This module simply tests for the same bug with Trend Micro specific settings. Note that in the Trend Micro appliance, /etc/shadow is not used and therefore password hashes are stored and anonymously accessible in the passwd file.
Note
Stability:
  - crash-safe
SideEffects:
  - ioc-in-logs
Reliability: []
Ransomware campaign use Unknown
Source publication date Jan. 9, 2009
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2938
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://tomcat.apache.org/security-4.html
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://tomcat.apache.org/security-5.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.99761
EPSS Score 0.92931
Published At June 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.