CVE-2015-5345
Published: 24 February 2016
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
From the Ubuntu security team
It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory.
Priority
Low
CVSS 3 base score: 5.3
Status
| Package | Release | Status |
|---|---|---|
|
tomcat6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(6.0.45)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(6.0.45+dfsg-1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(6.0.39-1ubuntu0.1)
|
|
|
Patches: Upstream: http://svn.apache.org/viewvc?view=revision&revision=1715216 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1717216 |
||
|
tomcat7 Launchpad, Ubuntu, Debian |
Upstream |
Released
(7.0.68-1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(7.0.68-1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(7.0.68-1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(7.0.52-1ubuntu0.6)
|
|
|
Patches: Upstream: http://svn.apache.org/viewvc?view=revision&revision=1715213 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1717212 |
||
|
tomcat8 Launchpad, Ubuntu, Debian |
Upstream |
Released
(8.0.30-1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(8.0.32-1ubuntu1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: http://svn.apache.org/viewvc?view=revision&revision=1715207 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1717209 |
||
|
tomcat9 Launchpad, Ubuntu, Debian |
Upstream |
Released
(9.0.0.M3)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(9.0.16-3~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|