Lucene search

PRIOn knowledge basePRION:CVE-2015-5345

HistoryFeb 25, 2016 - 1:59 a.m.

Design/Logic Flaw

2016-02-2501:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

CPENameOperatorVersion
tomcateq7.0.2 beta
tomcateq6.0.33
tomcateq6.0.0 alpha
tomcateq6.0.39
tomcateq7.0.12
tomcateq7.0.62
tomcateq8.0.17
tomcateq7.0.53
tomcateq6.0.4 alpha
tomcateq7.0.20

Name	Operator	Version
tomcat	eq	7.0.2 beta
tomcat	eq	6.0.33
tomcat	eq	6.0.0 alpha
tomcat	eq	6.0.39
tomcat	eq	7.0.12
tomcat	eq	7.0.62
tomcat	eq	8.0.17
tomcat	eq	7.0.53
tomcat	eq	6.0.4 alpha
tomcat	eq	7.0.20

Rows per page:

1-10 of 1021

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html

rhn.redhat.com/errata/RHSA-2016-1089.html

rhn.redhat.com/errata/RHSA-2016-2045.html

rhn.redhat.com/errata/RHSA-2016-2599.html

seclists.org/bugtraq/2016/Feb/146

seclists.org/fulldisclosure/2016/Feb/122

svn.apache.org/viewvc?view=revision&revision=1715206

svn.apache.org/viewvc?view=revision&revision=1715207

svn.apache.org/viewvc?view=revision&revision=1715213

svn.apache.org/viewvc?view=revision&revision=1715216

svn.apache.org/viewvc?view=revision&revision=1716882

svn.apache.org/viewvc?view=revision&revision=1716894

svn.apache.org/viewvc?view=revision&revision=1717209

svn.apache.org/viewvc?view=revision&revision=1717212

svn.apache.org/viewvc?view=revision&revision=1717216

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

tomcat.apache.org/security-9.html

www.debian.org/security/2016/dsa-3530

www.debian.org/security/2016/dsa-3552

www.debian.org/security/2016/dsa-3609

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html

www.securityfocus.com/bid/83328

www.securitytracker.com/id/1035071

www.ubuntu.com/usn/USN-3024-1

access.redhat.com/errata/RHSA-2016:1087

access.redhat.com/errata/RHSA-2016:1088

bto.bluecoat.com/security-advisory/sa118

bz.apache.org/bugzilla/show_bug.cgi?id=58765

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

kc.mcafee.com/corporate/index?page=content&id=SB10156

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=145974991225029&w=2

security.gentoo.org/glsa/201705-09

security.netapp.com/advisory/ntap-20180531-0001/