CVE-2015-5345
Description
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
33.786
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Tomcat to 9.5.14 | Windows |
| Update Tomcat to 9.5.5 | Windows |
| Update Tomcat to 9.5.7 | Windows |
| Update Tomcat to 9.5.8 | Windows |
| Update Tomcat to 9.6.10 | Windows |
| Update Tomcat to 9.6.3 | Windows |
| Update Tomcat to 9.6.4 | Windows |
| Update Tomcat to 9.6.7 | Windows |
| Update Tomcat to 9.6.8 | Windows |
| Update Tomcat to 2.4.5 | Windows |
| Update Tomcat to 3.0.14 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.0 | Windows |
| Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0714,CVE-2016-0706,CVE-2015-5345 are fixed in Apache - tomcat 9.0.0 | Windows |
| Vulnerabilities CVE-2015-5351,CVE-2016-0763,CVE-2015-5345 are fixed in Apache - tomcat 7.0.68 | Windows |
| Vulnerabilities CVE-2016-0706,CVE-2015-5345,CVE-2015-5174 are fixed in Apache - tomcat 6.0.45 | Windows |
| Vulnerabilities CVE-2015-5345 are fixed in Apache - tomcat 8.0.30 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-admin-webapps-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-docs-webapp-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-el-2_2-api-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-javadoc-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-jsp-2_2-api-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-lib-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-servlet-3_0-api-7.0.68-7.6.1.noarch.rpm | Linux |
| SUSE-SU-2016:0822-1(SUSE Linux Enterprise Server 12 ) tomcat-webapps-7.0.68-7.6.1.noarch.rpm | Linux |
| Update Tomcat to 9.5.14 (For Linux) | Linux |
| Update Tomcat to 9.5.5 (For Linux) | Linux |
| Update Tomcat to 9.5.7 (For Linux) | Linux |
| Update Tomcat to 9.5.8 (For Linux) | Linux |
| Update Tomcat to 9.6.10 (For Linux) | Linux |
| Update Tomcat to 9.6.3 (For Linux) | Linux |
| Update Tomcat to 9.6.4 (For Linux) | Linux |
| Update Tomcat to 9.6.7 (For Linux) | Linux |
| Update Tomcat to 9.6.8 (For Linux) | Linux |
| Update Tomcat to 2.4.5 (For Linux) | Linux |
| Update Tomcat to 3.0.14 (For Linux) | Linux |
| Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0714,CVE-2016-0706,CVE-2015-5345 are fixed in Apache - tomcat for Linux 9.0.0 | Linux |
| Vulnerabilities CVE-2015-5351,CVE-2016-0763,CVE-2015-5345 are fixed in Apache - tomcat for Linux 7.0.68 | Linux |
| Vulnerabilities CVE-2016-0706,CVE-2015-5345,CVE-2015-5174 are fixed in Apache - tomcat for Linux 6.0.45 | Linux |
| Vulnerabilities CVE-2015-5345 are fixed in Apache - tomcat for Linux 8.0.30 | Linux |
| Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2015-5345) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234