CVE-2015-5345

Severity

5.3

Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5345

http://tomcat.apache.org/security-9.html

https://bz.apache.org/bugzilla/show_bug.cgi?id=58660#c0

Project

Apache Tomcat

Category

n/a

Tags

data

Date Disclosed

2016-02-25

Date Discovered

2015-07-01

Apache Tomcat 8.0.x

First release:

2014-06-25

First release:

2018-06-30

0

Support Lifecycle:

Namespace:

javax

8.0.1 8.0.3 8.0.5 8.0.8 8.0.9 8.0.11 8.0.12 8.0.14 8.0.15 8.0.17 8.0.18 8.0.20 8.0.21 8.0.22 8.0.23 8.0.24 8.0.26 8.0.27 8.0.28 8.0.29

Apache TomEE 1.7.x

First release:

2014-08-09

0

Support Lifecycle:

Namespace:

javax

1.7.0 1.7.1 1.7.2 1.7.3

Apache TomEE 1.6.x

First release:

2013-11-17

0

Support Lifecycle:

Namespace:

javax

1.6.0 1.6.0.1 1.6.0.2

Apache TomEE 1.5.x

First release:

2012-09-28

0

Support Lifecycle:

Namespace:

javax

1.5.0 1.5.1 1.5.2

Apache TomEE 1.0.x

First release:

2012-04-27

0

Support Lifecycle:

Namespace:

javax

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.