Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Remediation

References

CVE-2015-5345

Related Vulnerabilities

WordPress Plugin NextGEN Gallery Sell Photo Cross-Site Scripting (1.0.4)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0346)

MySQL Resource Management Errors Vulnerability (CVE-2012-2749)

WordPress Plugin WP Comment Remix SQL Injection and HTML Injection Vulnerabilities (1.4.3)

TYPO3 Improper Input Validation Vulnerability (CVE-2010-3716)

Severity

Medium

Classification

CVE-2015-5345 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities