Fixed in Apache Tomcat 8.0.30
Low: Directory disclosure CVE-2015-5345 When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash thereby confirming the presence of the directory before processing the security constraint. It was...