CVE-2015-5345

MEDIUM

Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

References

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

http://marc.info/?l=bugtraq&m=145974991225029&w=2

http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html

http://rhn.redhat.com/errata/RHSA-2016-1089.html

http://rhn.redhat.com/errata/RHSA-2016-2045.html

http://rhn.redhat.com/errata/RHSA-2016-2599.html

http://seclists.org/bugtraq/2016/Feb/146

http://seclists.org/fulldisclosure/2016/Feb/122

http://svn.apache.org/viewvc?view=revision&revision=1715206

http://svn.apache.org/viewvc?view=revision&revision=1715207

http://svn.apache.org/viewvc?view=revision&revision=1715213

http://svn.apache.org/viewvc?view=revision&revision=1715216

http://svn.apache.org/viewvc?view=revision&revision=1716882

http://svn.apache.org/viewvc?view=revision&revision=1716894

http://svn.apache.org/viewvc?view=revision&revision=1717209

http://svn.apache.org/viewvc?view=revision&revision=1717212

http://svn.apache.org/viewvc?view=revision&revision=1717216

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-8.html

http://tomcat.apache.org/security-9.html

http://www.debian.org/security/2016/dsa-3530

http://www.debian.org/security/2016/dsa-3552

http://www.debian.org/security/2016/dsa-3609

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html

http://www.securityfocus.com/bid/83328

http://www.securitytracker.com/id/1035071

http://www.ubuntu.com/usn/USN-3024-1

https://access.redhat.com/errata/RHSA-2016:1087

https://access.redhat.com/errata/RHSA-2016:1088

https://bto.bluecoat.com/security-advisory/sa118

https://bz.apache.org/bugzilla/show_bug.cgi?id=58765

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

https://kc.mcafee.com/corporate/index?page=content&id=SB10156

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://security.gentoo.org/glsa/201705-09

https://security.netapp.com/advisory/ntap-20180531-0001/

Details

Source: MITRE

Published: 2016-02-25

Updated: 2019-04-15

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM