Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Remediation

References

CVE-2015-5345

Related Vulnerabilities

Oracle JRE CVE-2022-21296 Vulnerability (CVE-2022-21296)

WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.4.17)

WordPress Plugin Jigoshop Multiple Unspecified Vulnerabilities (1.17.13)

WordPress Plugin Patreon WordPress Multiple Vulnerabilities (1.6.9)

Internet Information Services Other Vulnerability (CVE-2000-0630)

Severity

Medium

Classification

CVE-2015-5345 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities