Lucene search

K
cveRedhatCVE-2015-5345
HistoryFeb 25, 2016 - 1:59 a.m.

CVE-2015-5345

2016-02-2501:59:01
CWE-22
redhat
web.nvd.nist.gov
113
apache tomcat
mapper component
remote attackers
security constraints
redirects
directory existence vulnerability
nvd
cve-2015-5345

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.1%

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Affected configurations

Nvd
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
Node
apachetomcatMatch6.0.0
OR
apachetomcatMatch6.0.0alpha
OR
apachetomcatMatch6.0.1
OR
apachetomcatMatch6.0.1alpha
OR
apachetomcatMatch6.0.2
OR
apachetomcatMatch6.0.2alpha
OR
apachetomcatMatch6.0.2beta
OR
apachetomcatMatch6.0.4
OR
apachetomcatMatch6.0.4alpha
OR
apachetomcatMatch6.0.10
OR
apachetomcatMatch6.0.11
OR
apachetomcatMatch6.0.13
OR
apachetomcatMatch6.0.14
OR
apachetomcatMatch6.0.16
OR
apachetomcatMatch6.0.18
OR
apachetomcatMatch6.0.20
OR
apachetomcatMatch6.0.24
OR
apachetomcatMatch6.0.26
OR
apachetomcatMatch6.0.28
OR
apachetomcatMatch6.0.29
OR
apachetomcatMatch6.0.30
OR
apachetomcatMatch6.0.32
OR
apachetomcatMatch6.0.33
OR
apachetomcatMatch6.0.35
OR
apachetomcatMatch6.0.36
OR
apachetomcatMatch6.0.37
OR
apachetomcatMatch6.0.39
OR
apachetomcatMatch6.0.41
OR
apachetomcatMatch6.0.43
OR
apachetomcatMatch6.0.44
OR
apachetomcatMatch7.0.0beta
OR
apachetomcatMatch7.0.2beta
OR
apachetomcatMatch7.0.4beta
OR
apachetomcatMatch7.0.5beta
OR
apachetomcatMatch7.0.6
OR
apachetomcatMatch7.0.10
OR
apachetomcatMatch7.0.11
OR
apachetomcatMatch7.0.12
OR
apachetomcatMatch7.0.14
OR
apachetomcatMatch7.0.16
OR
apachetomcatMatch7.0.19
OR
apachetomcatMatch7.0.20
OR
apachetomcatMatch7.0.21
OR
apachetomcatMatch7.0.22
OR
apachetomcatMatch7.0.23
OR
apachetomcatMatch7.0.25
OR
apachetomcatMatch7.0.26
OR
apachetomcatMatch7.0.27
OR
apachetomcatMatch7.0.28
OR
apachetomcatMatch7.0.29
OR
apachetomcatMatch7.0.30
OR
apachetomcatMatch7.0.32
OR
apachetomcatMatch7.0.33
OR
apachetomcatMatch7.0.34
OR
apachetomcatMatch7.0.35
OR
apachetomcatMatch7.0.37
OR
apachetomcatMatch7.0.39
OR
apachetomcatMatch7.0.40
OR
apachetomcatMatch7.0.41
OR
apachetomcatMatch7.0.42
OR
apachetomcatMatch7.0.47
OR
apachetomcatMatch7.0.50
OR
apachetomcatMatch7.0.52
OR
apachetomcatMatch7.0.53
OR
apachetomcatMatch7.0.54
OR
apachetomcatMatch7.0.55
OR
apachetomcatMatch7.0.56
OR
apachetomcatMatch7.0.57
OR
apachetomcatMatch7.0.59
OR
apachetomcatMatch7.0.61
OR
apachetomcatMatch7.0.62
OR
apachetomcatMatch7.0.63
OR
apachetomcatMatch7.0.64
OR
apachetomcatMatch7.0.65
OR
apachetomcatMatch8.0.0rc1
OR
apachetomcatMatch8.0.0rc10
OR
apachetomcatMatch8.0.0rc3
OR
apachetomcatMatch8.0.0rc5
OR
apachetomcatMatch8.0.1
OR
apachetomcatMatch8.0.3
OR
apachetomcatMatch8.0.11
OR
apachetomcatMatch8.0.12
OR
apachetomcatMatch8.0.14
OR
apachetomcatMatch8.0.15
OR
apachetomcatMatch8.0.17
OR
apachetomcatMatch8.0.18
OR
apachetomcatMatch8.0.20
OR
apachetomcatMatch8.0.21
OR
apachetomcatMatch8.0.22
OR
apachetomcatMatch8.0.23
OR
apachetomcatMatch8.0.24
OR
apachetomcatMatch8.0.26
OR
apachetomcatMatch8.0.27
OR
apachetomcatMatch8.0.28
OR
apachetomcatMatch8.0.29
OR
apachetomcatMatch9.0.0milestone1
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch15.10
OR
canonicalubuntu_linuxMatch16.04lts
VendorProductVersionCPE
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
apachetomcat6.0.0cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
apachetomcat6.0.0cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
apachetomcat6.0.1cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
apachetomcat6.0.1cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
apachetomcat6.0.2cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
apachetomcat6.0.2cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
apachetomcat6.0.2cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
apachetomcat6.0.4cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
Rows per page:
1-10 of 1021

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.1%