Lucene search

PRIOn knowledge basePRION:CVE-2015-5174

HistoryFeb 25, 2016 - 1:59 a.m.

Directory traversal

2016-02-2501:59:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.7%

JSON

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /… (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

CPENameOperatorVersion
tomcateq7.0.2 beta
tomcateq6.0.33
tomcateq6.0.0 alpha
tomcateq6.0.39
tomcateq7.0.12
tomcateq7.0.62
tomcateq8.0.17
tomcateq7.0.53
tomcateq6.0.4 alpha
tomcateq7.0.20

Name	Operator	Version
tomcat	eq	7.0.2 beta
tomcat	eq	6.0.33
tomcat	eq	6.0.0 alpha
tomcat	eq	6.0.39
tomcat	eq	7.0.12
tomcat	eq	7.0.62
tomcat	eq	8.0.17
tomcat	eq	7.0.53
tomcat	eq	6.0.4 alpha
tomcat	eq	7.0.20

Rows per page:

1-10 of 961

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html

rhn.redhat.com/errata/RHSA-2016-1435.html

rhn.redhat.com/errata/RHSA-2016-2045.html

rhn.redhat.com/errata/RHSA-2016-2599.html

seclists.org/bugtraq/2016/Feb/149

svn.apache.org/viewvc?view=revision&revision=1696281

svn.apache.org/viewvc?view=revision&revision=1696284

svn.apache.org/viewvc?view=revision&revision=1700897

svn.apache.org/viewvc?view=revision&revision=1700898

svn.apache.org/viewvc?view=revision&revision=1700900

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www.debian.org/security/2016/dsa-3530

www.debian.org/security/2016/dsa-3552

www.debian.org/security/2016/dsa-3609

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.securityfocus.com/bid/83329

www.securitytracker.com/id/1035070

www.ubuntu.com/usn/USN-3024-1

access.redhat.com/errata/RHSA-2016:1432

access.redhat.com/errata/RHSA-2016:1433

access.redhat.com/errata/RHSA-2016:1434

bto.bluecoat.com/security-advisory/sa118

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E

lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E

lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E

lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=145974991225029&w=2

security.gentoo.org/glsa/201705-09

security.netapp.com/advisory/ntap-20180531-0001/