The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
08 Dec 2023, 16:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CPE | cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* |
Information
Published : 2016-02-25 01:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-5345
Mitre link : CVE-2015-5345
CVE.ORG link : CVE-2015-5345
JSON object : View
Products Affected
canonical
- ubuntu_linux
apache
- tomcat
debian
- debian_linux
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')