Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2015-5345
Description:The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Test IDs: 1.3.6.1.4.1.25623.1.0.807407   1.3.6.1.4.1.25623.1.0.807412  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2015-5345
BugTraq ID: 83328
http://www.securityfocus.com/bid/83328
Bugtraq: 20160222 [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure (Google Search)
http://seclists.org/bugtraq/2016/Feb/146
Debian Security Information: DSA-3530 (Google Search)
http://www.debian.org/security/2016/dsa-3530
Debian Security Information: DSA-3552 (Google Search)
http://www.debian.org/security/2016/dsa-3552
Debian Security Information: DSA-3609 (Google Search)
http://www.debian.org/security/2016/dsa-3609
http://seclists.org/fulldisclosure/2016/Feb/122
https://security.gentoo.org/glsa/201705-09
HPdes Security Advisory: HPSBUX03561
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2016:1087
https://access.redhat.com/errata/RHSA-2016:1087
RedHat Security Advisories: RHSA-2016:1088
https://access.redhat.com/errata/RHSA-2016:1088
RedHat Security Advisories: RHSA-2016:1089
http://rhn.redhat.com/errata/RHSA-2016-1089.html
RedHat Security Advisories: RHSA-2016:2045
http://rhn.redhat.com/errata/RHSA-2016-2045.html
RedHat Security Advisories: RHSA-2016:2599
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://www.securitytracker.com/id/1035071
SuSE Security Announcement: SUSE-SU-2016:0769 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
SuSE Security Announcement: SUSE-SU-2016:0822 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
SuSE Security Announcement: SUSE-SU-2016:0839 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
SuSE Security Announcement: openSUSE-SU-2016:0865 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
http://www.ubuntu.com/usn/USN-3024-1




© 1998-2024 E-Soft Inc. All rights reserved.