Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-5345

Опубликовано: 22 фев. 2016
Источник: redhat
CVSS3: 5.3
CVSS2: 5
EPSS Средний

Описание

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss BRMS 5jbosswebWill not fix
Red Hat JBoss Data Grid 6jbosswebAffected
Red Hat JBoss Enterprise Application Platform 4jbosswebWill not fix
Red Hat JBoss Enterprise Application Platform 5jbosswebWill not fix
Red Hat JBoss Enterprise Application Platform 6jbosswebWill not fix
Red Hat JBoss Enterprise Web Server 2tomcat7Affected
Red Hat JBoss Fuse Service Works 6jbosswebWill not fix
Red Hat JBoss Operations Network 3jbosswebAffected
Red Hat JBoss Portal 6jbosswebAffected
Red Hat Enterprise Linux 6tomcat6FixedRHSA-2016:204510.10.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-552
https://bugzilla.redhat.com/show_bug.cgi?id=1311089tomcat: directory disclosure

EPSS

Процентиль: 97%
0.39867
Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-5345

CVSS3: 5.3
ubuntu
больше 9 лет назад

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

nvd логотип

CVE-2015-5345

CVSS3: 5.3
nvd
больше 9 лет назад

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

debian логотип

CVE-2015-5345

CVSS3: 5.3
debian
больше 9 лет назад

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7. ...

github логотип

GHSA-rh8q-vjgf-gf74

CVSS3: 5.3
github
около 3 лет назад

Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

fstec логотип

BDU:2016-00611

fstec
больше 9 лет назад

Уязвимость сервера приложений Apache Tomcat, позволяющая нарушителю определить существование каталога

EPSS

Процентиль: 97%
0.39867
Средний

5.3 Medium

CVSS3

5 Medium

CVSS2