CVE-2015-5345

Published: Feb 25, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Affected (102)

Products: Debian: Debian Linux · Apache: Tomcat · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration B

96 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 6.0.0
Apache Tomcat	Version 6.0.0 alpha
Apache Tomcat	Version 6.0.10
Apache Tomcat	Version 6.0.11
Apache Tomcat	Version 6.0.13
Apache Tomcat	Version 6.0.14
Apache Tomcat	Version 6.0.16
Apache Tomcat	Version 6.0.18
Apache Tomcat	Version 6.0.1
Apache Tomcat	Version 6.0.1 alpha
Apache Tomcat	Version 6.0.20
Apache Tomcat	Version 6.0.24
Apache Tomcat	Version 6.0.26
Apache Tomcat	Version 6.0.28
Apache Tomcat	Version 6.0.29
Apache Tomcat	Version 6.0.2
Apache Tomcat	Version 6.0.2 alpha
Apache Tomcat	Version 6.0.2 beta
Apache Tomcat	Version 6.0.30
Apache Tomcat	Version 6.0.32
Apache Tomcat	Version 6.0.33
Apache Tomcat	Version 6.0.35
Apache Tomcat	Version 6.0.36
Apache Tomcat	Version 6.0.37
Apache Tomcat	Version 6.0.39
Apache Tomcat	Version 6.0.41
Apache Tomcat	Version 6.0.43
Apache Tomcat	Version 6.0.44
Apache Tomcat	Version 6.0.4
Apache Tomcat	Version 6.0.4 alpha
Apache Tomcat	Version 7.0.0 beta
Apache Tomcat	Version 7.0.10
Apache Tomcat	Version 7.0.11
Apache Tomcat	Version 7.0.12
Apache Tomcat	Version 7.0.14
Apache Tomcat	Version 7.0.16
Apache Tomcat	Version 7.0.19
Apache Tomcat	Version 7.0.20
Apache Tomcat	Version 7.0.21
Apache Tomcat	Version 7.0.22
Apache Tomcat	Version 7.0.23
Apache Tomcat	Version 7.0.25
Apache Tomcat	Version 7.0.26
Apache Tomcat	Version 7.0.27
Apache Tomcat	Version 7.0.28
Apache Tomcat	Version 7.0.29
Apache Tomcat	Version 7.0.2 beta
Apache Tomcat	Version 7.0.30
Apache Tomcat	Version 7.0.32
Apache Tomcat	Version 7.0.33
Apache Tomcat	Version 7.0.34
Apache Tomcat	Version 7.0.35
Apache Tomcat	Version 7.0.37
Apache Tomcat	Version 7.0.39
Apache Tomcat	Version 7.0.40
Apache Tomcat	Version 7.0.41
Apache Tomcat	Version 7.0.42
Apache Tomcat	Version 7.0.47
Apache Tomcat	Version 7.0.4 beta
Apache Tomcat	Version 7.0.50
Apache Tomcat	Version 7.0.52
Apache Tomcat	Version 7.0.53
Apache Tomcat	Version 7.0.54
Apache Tomcat	Version 7.0.55
Apache Tomcat	Version 7.0.56
Apache Tomcat	Version 7.0.57
Apache Tomcat	Version 7.0.59
Apache Tomcat	Version 7.0.5 beta
Apache Tomcat	Version 7.0.61
Apache Tomcat	Version 7.0.62
Apache Tomcat	Version 7.0.63
Apache Tomcat	Version 7.0.64
Apache Tomcat	Version 7.0.65
Apache Tomcat	Version 7.0.6
Apache Tomcat	Version 8.0.0 rc10
Apache Tomcat	Version 8.0.0 rc1
Apache Tomcat	Version 8.0.0 rc3
Apache Tomcat	Version 8.0.0 rc5
Apache Tomcat	Version 8.0.11
Apache Tomcat	Version 8.0.12
Apache Tomcat	Version 8.0.14
Apache Tomcat	Version 8.0.15
Apache Tomcat	Version 8.0.17
Apache Tomcat	Version 8.0.18
Apache Tomcat	Version 8.0.1
Apache Tomcat	Version 8.0.20
Apache Tomcat	Version 8.0.21
Apache Tomcat	Version 8.0.22
Apache Tomcat	Version 8.0.23
Apache Tomcat	Version 8.0.24
Apache Tomcat	Version 8.0.26
Apache Tomcat	Version 8.0.27
Apache Tomcat	Version 8.0.28
Apache Tomcat	Version 8.0.29
Apache Tomcat	Version 8.0.3
Apache Tomcat	Version 9.0.0 milestone1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (102)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=145974991225029&w=2

Source: secalert@redhat.com

http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-1089.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2045.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2599.html

Source: secalert@redhat.com

http://seclists.org/bugtraq/2016/Feb/146

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2016/Feb/122

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1715206

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1715207

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1715213

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1715216

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1716882

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1716894

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1717209

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1717212

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1717216

Source: secalert@redhat.com

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-8.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-9.html

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2016/dsa-3530

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3552

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3609

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: secalert@redhat.com

http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/83328

Source: secalert@redhat.com

http://www.securitytracker.com/id/1035071

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-3024-1

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2016:1087

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2016:1088

Source: secalert@redhat.com

https://bto.bluecoat.com/security-advisory/sa118

Source: secalert@redhat.com

https://bz.apache.org/bugzilla/show_bug.cgi?id=58765

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

Source: secalert@redhat.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10156

Source: secalert@redhat.com

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201705-09

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20180531-0001/

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html