CVE-2015-5174

Published: 22 Feb 2016
Source: redhat
CVSS3: 4.3
CVSS2: 4
EPSS Low

Description

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat JBoss BRMS 5 | jbossweb | Will not fix | | |
| Red Hat JBoss Data Grid 6 | jbossweb | Affected | | |
| Red Hat JBoss Enterprise Application Platform 4 | jbossweb | Will not fix | | |
| Red Hat JBoss Enterprise Application Platform 5 | jbossweb | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 2 | tomcat6 | Will not fix | | |
| Red Hat JBoss Fuse Service Works 6 | jbossweb | Will not fix | | |
| Red Hat JBoss Operations Network 3 | jbossweb | Affected | | |
| Red Hat JBoss Portal 6 | jbossweb | Affected | | |
| Red Hat Enterprise Linux 6 | tomcat6 | Fixed | RHSA-2016:2045 | 10.10.2016 |
| Red Hat Enterprise Linux 7 | tomcat | Fixed | RHSA-2016:2599 | 03.11.2016 |

Additional information

Status:

Low

EPSS

Percentile: 75%
0.00901
Low

4.3 Medium

CVSS3

4 Medium

CVSS2

Related vulnerabilities

CVSS3: 4.3
ubuntu
more than 9 years ago

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

CVSS3: 4.3
nvd
more than 9 years ago

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

CVSS3: 4.3
debian
more than 9 years ago

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...

CVSS3: 4.3
github
about 3 years ago

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

fstec
more than 9 years ago

Vulnerability in the Apache Tomcat application server that allows an attacker to bypass authentication check restrictions
