QwikSec

Security Database

CVE

CWE

Training

CVE-2015-5345

Published: Feb 25, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

x_refsource_CONFIRM

http://svn.apache.org/viewvc?view=revision&revision=1715216

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

https://kc.mcafee.com/corporate/index?page=content&id=SB10156

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

x_refsource_CONFIRM

openSUSE-SU-2016:0865

vendor-advisory

x_refsource_SUSE

http://tomcat.apache.org/security-9.html

x_refsource_CONFIRM

http://svn.apache.org/viewvc?view=revision&revision=1715213

x_refsource_CONFIRM

http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

SUSE-SU-2016:0769

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

http://tomcat.apache.org/security-7.html

x_refsource_CONFIRM

http://svn.apache.org/viewvc?view=revision&revision=1715206

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

vendor-advisory

x_refsource_REDHAT

http://tomcat.apache.org/security-8.html

x_refsource_CONFIRM

http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

https://bto.bluecoat.com/security-advisory/sa118

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

http://svn.apache.org/viewvc?view=revision&revision=1717212

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20180531-0001/

x_refsource_CONFIRM

http://tomcat.apache.org/security-6.html

x_refsource_CONFIRM

20160222 [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure

mailing-list

x_refsource_BUGTRAQ

http://svn.apache.org/viewvc?view=revision&revision=1716894

x_refsource_CONFIRM

SUSE-SU-2016:0822

vendor-advisory

x_refsource_SUSE

http://svn.apache.org/viewvc?view=revision&revision=1717209

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://svn.apache.org/viewvc?view=revision&revision=1715207

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

http://svn.apache.org/viewvc?view=revision&revision=1717216

x_refsource_CONFIRM

SUSE-SU-2016:0839

vendor-advisory

x_refsource_SUSE

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

20160225 [CVE-2015-5345] Information disclosure vulnerability in Apache Tomcat

mailing-list

x_refsource_FULLDISC

https://bz.apache.org/bugzilla/show_bug.cgi?id=58765

x_refsource_CONFIRM

http://svn.apache.org/viewvc?view=revision&revision=1716882

x_refsource_CONFIRM

[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.