CVE-2015-5345

MEDIUM

Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

References

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

http://marc.info/?l=bugtraq&m=145974991225029&w=2

http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html

http://rhn.redhat.com/errata/RHSA-2016-1089.html

http://rhn.redhat.com/errata/RHSA-2016-2045.html

http://rhn.redhat.com/errata/RHSA-2016-2599.html

http://seclists.org/bugtraq/2016/Feb/146

http://seclists.org/fulldisclosure/2016/Feb/122

http://svn.apache.org/viewvc?view=revision&revision=1715206

http://svn.apache.org/viewvc?view=revision&revision=1715207

http://svn.apache.org/viewvc?view=revision&revision=1715213

http://svn.apache.org/viewvc?view=revision&revision=1715216

http://svn.apache.org/viewvc?view=revision&revision=1716882

http://svn.apache.org/viewvc?view=revision&revision=1716894

http://svn.apache.org/viewvc?view=revision&revision=1717209

http://svn.apache.org/viewvc?view=revision&revision=1717212

http://svn.apache.org/viewvc?view=revision&revision=1717216

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-8.html

http://tomcat.apache.org/security-9.html

http://www.debian.org/security/2016/dsa-3530

http://www.debian.org/security/2016/dsa-3552

http://www.debian.org/security/2016/dsa-3609

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html

http://www.securityfocus.com/bid/83328

http://www.securitytracker.com/id/1035071

http://www.ubuntu.com/usn/USN-3024-1

https://access.redhat.com/errata/RHSA-2016:1087

https://access.redhat.com/errata/RHSA-2016:1088

https://bto.bluecoat.com/security-advisory/sa118

https://bz.apache.org/bugzilla/show_bug.cgi?id=58765

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

https://kc.mcafee.com/corporate/index?page=content&id=SB10156

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://security.gentoo.org/glsa/201705-09

https://security.netapp.com/advisory/ntap-20180531-0001/

Details

Source: MITRE

Published: 2016-02-25

Updated: 2019-04-15

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
700699Apache Tomcat 9.0.x < 9.0.0.M3 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
121125Apache Tomcat < 9.0.0.M3 Multiple VulnerabilitiesNessusWeb Servers
medium
121123Apache Tomcat < 8.0.30 Directory DisclosureNessusWeb Servers
medium
107136F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K34341852)NessusF5 Networks Local Security Checks
medium
100262GLSA-201705-09 : Apache Tomcat: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
99816EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1054)NessusHuawei Local Security Checks
high
95863Scientific Linux Security Update : tomcat on SL7.x (noarch) (20161103)NessusScientific Linux Local Security Checks
high
95345CentOS 7 : tomcat (CESA-2016:2599)NessusCentOS Local Security Checks
high
94718Oracle Linux 7 : tomcat (ELSA-2016-2599)NessusOracle Linux Local Security Checks
high
94562RHEL 7 : tomcat (RHSA-2016:2599)NessusRed Hat Local Security Checks
high
94004Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy)NessusScientific Linux Local Security Checks
high
93965CentOS 6 : tomcat6 (CESA-2016:2045) (httpoxy)NessusCentOS Local Security Checks
high
93950RHEL 6 : tomcat6 (RHSA-2016:2045) (httpoxy)NessusRed Hat Local Security Checks
high
93947Oracle Linux 6 : tomcat6 (ELSA-2016-2045) (httpoxy)NessusOracle Linux Local Security Checks
high
91954Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : tomcat6, tomcat7 vulnerabilities (USN-3024-1)NessusUbuntu Local Security Checks
high
91906Debian DSA-3609-1 : tomcat8 - security updateNessusDebian Local Security Checks
high
9316Apache Tomcat 6.0.x < 6.0.45 / 7.0.x < 7.0.68 / 8.0.x < 8.0.30 Directory TraversalNessus Network MonitorWeb Servers
medium
91246RHEL 7 : JBoss Web Server (RHSA-2016:1088)NessusRed Hat Local Security Checks
medium
91245RHEL 6 : JBoss Web Server (RHSA-2016:1087)NessusRed Hat Local Security Checks
medium
90552Debian DSA-3552-1 : tomcat7 - security updateNessusDebian Local Security Checks
medium
90274Amazon Linux AMI : tomcat6 (ALAS-2016-681)NessusAmazon Linux Local Security Checks
medium
90273Amazon Linux AMI : tomcat7 (ALAS-2016-680)NessusAmazon Linux Local Security Checks
medium
90205Debian DSA-3530-1 : tomcat6 - security updateNessusDebian Local Security Checks
high
90136openSUSE Security Update : tomcat (openSUSE-2016-384)NessusSuSE Local Security Checks
medium
89839Amazon Linux AMI : tomcat8 (ALAS-2016-658)NessusAmazon Linux Local Security Checks
medium
89006FreeBSD : tomcat -- multiple vulnerabilities (1f1124fe-de5c-11e5-8fa8-14dae9d210b8)NessusFreeBSD Local Security Checks
medium
88996Debian DLA-435-1 : tomcat6 security updateNessusDebian Local Security Checks
medium
88936Apache Tomcat 7.0.x < 7.0.68 Multiple VulnerabilitiesNessusWeb Servers
medium
88935Apache Tomcat 6.0.x < 6.0.45 Multiple VulnerabilitiesNessusWeb Servers
medium