GitHub Advisory DatabaseGHSA-RH8Q-VJGF-GF74Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
73.2%
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
References
lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
marc.info/?l=bugtraq&m=145974991225029&w=2
packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
rhn.redhat.com/errata/RHSA-2016-1089.html
rhn.redhat.com/errata/RHSA-2016-2045.html
rhn.redhat.com/errata/RHSA-2016-2599.html
seclists.org/bugtraq/2016/Feb/146
seclists.org/fulldisclosure/2016/Feb/122
svn.apache.org/viewvc?view=revision&revision=1715206
svn.apache.org/viewvc?view=revision&revision=1715207
svn.apache.org/viewvc?view=revision&revision=1715213
svn.apache.org/viewvc?view=revision&revision=1715216
svn.apache.org/viewvc?view=revision&revision=1716882
svn.apache.org/viewvc?view=revision&revision=1716894
svn.apache.org/viewvc?view=revision&revision=1717209
svn.apache.org/viewvc?view=revision&revision=1717212
svn.apache.org/viewvc?view=revision&revision=1717216
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html
www.debian.org/security/2016/dsa-3530
www.debian.org/security/2016/dsa-3552
www.debian.org/security/2016/dsa-3609
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html
www.ubuntu.com/usn/USN-3024-1
access.redhat.com/errata/RHSA-2016:1087
access.redhat.com/errata/RHSA-2016:1088
bto.bluecoat.com/security-advisory/sa118
bz.apache.org/bugzilla/show_bug.cgi?id=58765
github.com/advisories/GHSA-rh8q-vjgf-gf74
github.com/apache/tomcat/commit/127d8ea86d245846f0472865f0eb1eb111955e71
github.com/apache/tomcat/commit/58c09b6217c546e1a251a82da227018f05277228
github.com/apache/tomcat/commit/66daa4adc14b3e939659879153c0a579fdfcb099
github.com/apache/tomcat/commit/7288bc70a14edcfeff0a96e333a858be374cfc64
github.com/apache/tomcat/commit/816552abf6735fa37dfd37c8a7bfbdbd045477e0
github.com/apache/tomcat/commit/8437193708e4bf6b2861a7953dc472f9dad49111
github.com/apache/tomcat/commit/89cd0cf33a99dbbcf5c69050a83b6876e39269d7
github.com/apache/tomcat/commit/a273b5f45cb46a273d06510a689fc314155a952d
github.com/apache/tomcat/commit/c584c7c4ab0686e4125eefcd0afb32fb8269da3d
github.com/apache/tomcat80/commit/2b643a4e36d318d55ec57fee57610671656d23c0
github.com/apache/tomcat80/commit/c15c2aba8eb42425f9ebcfcaef579dada38ad3a2
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
kc.mcafee.com/corporate/index?page=content&id=SB10156
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2015-5345
security.gentoo.org/glsa/201705-09
security.netapp.com/advisory/ntap-20180531-0001
web.archive.org/web/20160321235514/www.securitytracker.com/id/1035071
web.archive.org/web/20160804024910/www.securityfocus.com/bid/83328
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
73.2%