Description
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2022-21296 Vulnerability (CVE-2022-21296)
WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.4.17)
WordPress Plugin Jigoshop Multiple Unspecified Vulnerabilities (1.17.13)
WordPress Plugin Patreon WordPress Multiple Vulnerabilities (1.6.9)
Internet Information Services Other Vulnerability (CVE-2000-0630)