The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 02:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html - | |
| References | () http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html - | |
| References | () http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html - | |
| References | () http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html - | |
| References | () http://marc.info/?l=bugtraq&m=145974991225029&w=2 - | |
| References | () http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html - | |
| References | () http://rhn.redhat.com/errata/RHSA-2016-1089.html - | |
| References | () http://rhn.redhat.com/errata/RHSA-2016-2045.html - | |
| References | () http://rhn.redhat.com/errata/RHSA-2016-2599.html - | |
| References | () http://seclists.org/bugtraq/2016/Feb/146 - | |
| References | () http://seclists.org/fulldisclosure/2016/Feb/122 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1715206 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1715207 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1715213 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1715216 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1716882 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1716894 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1717209 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1717212 - | |
| References | () http://svn.apache.org/viewvc?view=revision&revision=1717216 - | |
| References | () http://tomcat.apache.org/security-6.html - Vendor Advisory | |
| References | () http://tomcat.apache.org/security-7.html - Vendor Advisory | |
| References | () http://tomcat.apache.org/security-8.html - Vendor Advisory | |
| References | () http://tomcat.apache.org/security-9.html - Vendor Advisory | |
| References | () http://www.debian.org/security/2016/dsa-3530 - | |
| References | () http://www.debian.org/security/2016/dsa-3552 - | |
| References | () http://www.debian.org/security/2016/dsa-3609 - | |
| References | () http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - | |
| References | () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - | |
| References | () http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html - | |
| References | () http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html - | |
| References | () http://www.securityfocus.com/bid/83328 - | |
| References | () http://www.securitytracker.com/id/1035071 - | |
| References | () http://www.ubuntu.com/usn/USN-3024-1 - | |
| References | () https://access.redhat.com/errata/RHSA-2016:1087 - | |
| References | () https://access.redhat.com/errata/RHSA-2016:1088 - | |
| References | () https://bto.bluecoat.com/security-advisory/sa118 - | |
| References | () https://bz.apache.org/bugzilla/show_bug.cgi?id=58765 - | |
| References | () https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964 - | |
| References | () https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442 - | |
| References | () https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626 - | |
| References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10156 - | |
| References | () https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E - | |
| References | () https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E - | |
| References | () https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E - | |
| References | () https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E - | |
| References | () https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E - | |
| References | () https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E - | |
| References | () https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E - | |
| References | () https://security.gentoo.org/glsa/201705-09 - | |
| References | () https://security.netapp.com/advisory/ntap-20180531-0001/ - |
07 Nov 2023, 02:26
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
Information
Published : 2016-02-25 01:59
Updated : 2024-11-21 02:32
NVD link : CVE-2015-5345
Mitre link : CVE-2015-5345
CVE.ORG link : CVE-2015-5345
JSON object : View
Products Affected
debian
- debian_linux
apache
- tomcat
canonical
- ubuntu_linux
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')