CVE-2009-2902

medium

Apache

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

10.1%

Exploitation probability in 30 days

Top 7% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

Availability

None

Published: January 28, 2010 (5950 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.

CWE

CWE-22

Affected Products

apache tomcat

References

🔗 h20000.www2.hp.com 🔗 lists.apple.com 🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org

CVE-2009-2902

Vulnerability Report

Description

CWE

Affected Products

References