Description
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery Sell Photo Cross-Site Scripting (1.0.4)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0346)
MySQL Resource Management Errors Vulnerability (CVE-2012-2749)
WordPress Plugin WP Comment Remix SQL Injection and HTML Injection Vulnerabilities (1.4.3)
TYPO3 Improper Input Validation Vulnerability (CVE-2010-3716)