Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-5174HistoryFeb 25, 2016 - 1:59 a.m.
CVE-2015-5174
2016-02-2501:59:00
Debian Security Bug Tracker
security-tracker.debian.org
16
0.002 Low
EPSS
Percentile
55.7%
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /… (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | tomcat7 | < 7.0.75-1 | tomcat7_7.0.75-1_all.deb |
| Debian | 9 | all | tomcat8 | < 8.5.54-0+deb9u1 | tomcat8_8.5.54-0+deb9u1_all.deb |
Related
ibm
ibm
prion
prion
Directory traversal
2016-02-25 01:59:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.65
2015-10-19 00:00:00
Fixed in Apache Tomcat 8.0.27
2015-10-01 00:00:00
Fixed in Apache Tomcat 6.0.45
2016-02-11 00:00:00
cvelist
cvelist
CVE-2015-5174
2016-02-25 01:00:00
f5
f5
osv
osv
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
tomcat6 - security update
2016-02-27 00:00:00
tomcat7 - security update
2016-04-17 00:00:00
nvd
nvd
CVE-2015-5174
2016-02-25 01:59:00
github
github
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
ubuntucve
ubuntucve
CVE-2015-5174
2016-02-24 00:00:00
openvas
openvas
Apache Tomcat Limited Directory Traversal Vulnerability (Feb 2016) - Windows
2016-02-25 00:00:00
Apache Tomcat Limited Directory Traversal Vulnerability (Feb 2016) - Linux
2016-02-25 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-657)
2016-03-11 00:00:00
cve
cve
CVE-2015-5174
2016-02-25 01:59:00
nessus
nessus
Apache Tomcat 8.0.0-RC1 < 8.0.27
2024-05-23 00:00:00
F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K30971148)
2017-02-28 00:00:00
Apache Tomcat 7.0.0 < 7.0.65
2019-01-11 00:00:00
veracode
veracode
Directory Traversal
2019-01-15 09:09:27
redhat
redhat
amazon
amazon
Medium: tomcat8
2016-03-10 16:30:00
Medium: tomcat7
2016-03-10 16:30:00
Medium: tomcat6
2016-03-29 15:30:00
suse
suse
Security update for tomcat6 (important)
2016-03-21 14:14:16
Security update for tomcat (important)
2016-03-23 18:09:46
Security update for tomcat (important)
2016-03-15 15:12:43
oraclelinux
oraclelinux
tomcat6 security and bug fix update
2016-10-10 00:00:00
tomcat security, bug fix, and enhancement update
2016-11-09 00:00:00
tomcat security, bug fix, and enhancement update
2017-08-07 00:00:00
centos
centos
tomcat6 security update
2016-10-11 18:36:02
tomcat security update
2016-11-25 15:49:52
debian
debian
[SECURITY] [DLA 435-1] tomcat6 security update
2016-02-27 19:09:41
[SECURITY] [DSA 3609-1] tomcat8 security update
2016-06-29 19:54:21
[SECURITY] [DSA 3552-1] tomcat7 security update
2016-04-17 18:44:26
atlassian
atlassian
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
symantec
symantec
SA118 : February 2016 Apache Tomcat Vulnerabilities
2016-03-15 08:00:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2016-03-02 21:28:46
ubuntu
ubuntu
Tomcat vulnerabilities
2016-07-05 00:00:00
cloudfoundry
cloudfoundry
USN-3024-1: tomcat6, tomcat7 vulnerabilities | Cloud Foundry
2017-01-19 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2017-05-18 00:00:00
oracle
oracle
CPU July 2018
2018-07-17 00:00:00