Skip to main content

CVE-2015-5345

Severity

5.3

Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Project

Apache Tomcat

Apache TomEE

Category
n/a
Tags
data
Date Disclosed

2016-02-25

Date Discovered

2015-07-01

Apache TomEE 1.7.x

First release:
2014-08-09
0
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.6.x

First release:
2013-11-17
0
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.5.x

First release:
2012-09-28
0
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.0.x

First release:
2012-04-27
0
Support Lifecycle:
Namespace:
javax
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.