Lucene search

GitHub Advisory DatabaseGHSA-RH8Q-VJGF-GF74

HistoryMay 14, 2022 - 1:10 a.m.

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

2022-05-1401:10:16

CWE-22

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Affected configurations

Vulners

Node

org.apache.tomcat\Matchtomcat

org.apache.tomcat\Matchtomcat9.0.0.m1

CPENameOperatorVersion
org.apache.tomcat:tomcatlt6.0.45
org.apache.tomcat:tomcatlt7.0.68
org.apache.tomcat:tomcatlt8.0.30
org.apache.tomcat:tomcateq9.0.0.M1

Name	Operator	Version
org.apache.tomcat:tomcat	lt	6.0.45
org.apache.tomcat:tomcat	lt	7.0.68
org.apache.tomcat:tomcat	lt	8.0.30
org.apache.tomcat:tomcat	eq	9.0.0.M1

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

marc.info/?l=bugtraq&m=145974991225029&w=2

packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html

rhn.redhat.com/errata/RHSA-2016-1089.html

rhn.redhat.com/errata/RHSA-2016-2045.html

rhn.redhat.com/errata/RHSA-2016-2599.html

seclists.org/bugtraq/2016/Feb/146

seclists.org/fulldisclosure/2016/Feb/122

svn.apache.org/viewvc?view=revision&revision=1715206

svn.apache.org/viewvc?view=revision&revision=1715207

svn.apache.org/viewvc?view=revision&revision=1715213

svn.apache.org/viewvc?view=revision&revision=1715216

svn.apache.org/viewvc?view=revision&revision=1716882

svn.apache.org/viewvc?view=revision&revision=1716894

svn.apache.org/viewvc?view=revision&revision=1717209

svn.apache.org/viewvc?view=revision&revision=1717212

svn.apache.org/viewvc?view=revision&revision=1717216

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

tomcat.apache.org/security-9.html

www.debian.org/security/2016/dsa-3530

www.debian.org/security/2016/dsa-3552

www.debian.org/security/2016/dsa-3609

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html

www.ubuntu.com/usn/USN-3024-1

access.redhat.com/errata/RHSA-2016:1087

access.redhat.com/errata/RHSA-2016:1088

bto.bluecoat.com/security-advisory/sa118

bz.apache.org/bugzilla/show_bug.cgi?id=58765

github.com/advisories/GHSA-rh8q-vjgf-gf74

github.com/apache/tomcat/commit/127d8ea86d245846f0472865f0eb1eb111955e71

github.com/apache/tomcat/commit/58c09b6217c546e1a251a82da227018f05277228

github.com/apache/tomcat/commit/66daa4adc14b3e939659879153c0a579fdfcb099

github.com/apache/tomcat/commit/7288bc70a14edcfeff0a96e333a858be374cfc64

github.com/apache/tomcat/commit/816552abf6735fa37dfd37c8a7bfbdbd045477e0

github.com/apache/tomcat/commit/8437193708e4bf6b2861a7953dc472f9dad49111

github.com/apache/tomcat/commit/89cd0cf33a99dbbcf5c69050a83b6876e39269d7

github.com/apache/tomcat/commit/a273b5f45cb46a273d06510a689fc314155a952d

github.com/apache/tomcat/commit/c584c7c4ab0686e4125eefcd0afb32fb8269da3d

github.com/apache/tomcat80/commit/2b643a4e36d318d55ec57fee57610671656d23c0

github.com/apache/tomcat80/commit/c15c2aba8eb42425f9ebcfcaef579dada38ad3a2

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

kc.mcafee.com/corporate/index?page=content&id=SB10156

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2015-5345

security.gentoo.org/glsa/201705-09

security.netapp.com/advisory/ntap-20180531-0001

web.archive.org/web/20160321235514/www.securitytracker.com/id/1035071

web.archive.org/web/20160804024910/www.securityfocus.com/bid/83328

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for GHSA-RH8Q-VJGF-GF74