CVE-2015-5345
Published: 24 February 2016
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
From the Ubuntu Security Team
It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
tomcat6 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| precise |
Released
(6.0.35-1ubuntu3.7)
|
|
| trusty |
Released
(6.0.39-1ubuntu0.1)
|
|
| upstream |
Released
(6.0.45)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Released
(6.0.45+dfsg-1)
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1715216 upstream: http://svn.apache.org/viewvc?view=revision&revision=1717216 |
||
|
tomcat7 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(7.0.68-1)
|
| bionic |
Not vulnerable
(7.0.68-1)
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Released
(7.0.52-1ubuntu0.6)
|
|
| upstream |
Released
(7.0.68-1)
|
|
| wily |
Released
(7.0.64-1ubuntu0.3)
|
|
| xenial |
Not vulnerable
(7.0.68-1)
|
|
| yakkety |
Not vulnerable
(7.0.68-1)
|
|
| zesty |
Not vulnerable
(7.0.68-1)
|
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1715213 upstream: http://svn.apache.org/viewvc?view=revision&revision=1717212 |
||
|
tomcat8 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(8.0.32-1ubuntu1)
|
| bionic |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(8.0.30-1)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
| yakkety |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
| zesty |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1715207 upstream: http://svn.apache.org/viewvc?view=revision&revision=1717209 |
||
|
tomcat9 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Released
(9.0.16-3~18.04.1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(9.0.0.M3)
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |