
Test ID:
Category: Web Servers
Title: Apache Tomcat Limited Directory Traversal Vulnerability - Feb16 (Windows)
Summary: Apache Tomcat is prone to a limited directory traversal vulnerability.

Vulnerability Insight:
The flaw is due to improper validation of
paths when accessing resources via the ServletContext methods getResource(),
getResourceAsStream() and getResourcePaths(); the paths should be limited to
the current web application.

Vulnerability Impact:
Successful exploitation will allow remote
authenticated users to bypass intended SecurityManager restrictions and
list a parent directory.

Affected Software/OS:
Apache Tomcat 6.x before 6.0.45,
7.x before 7.0.65, and 8.0.0.RC1 before 8.0.27 on Windows.

Upgrade to version 6.0.45 or 7.0.65 or
8.0.27 or later.

CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 83329
Common Vulnerability Exposure (CVE) ID: CVE-2015-5174
Bugtraq: 20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal
Debian Security Information: DSA-3530
Debian Security Information: DSA-3552
Debian Security Information: DSA-3609
HPdes Security Advisory: HPSBUX03561
RedHat Security Advisories: RHSA-2016:1432
RedHat Security Advisories: RHSA-2016:1433
RedHat Security Advisories: RHSA-2016:1434
RedHat Security Advisories: RHSA-2016:1435
RedHat Security Advisories: RHSA-2016:2045
RedHat Security Advisories: RHSA-2016:2599
SuSE Security Announcement: SUSE-SU-2016:0769
SuSE Security Announcement: SUSE-SU-2016:0822
SuSE Security Announcement: SUSE-SU-2016:0839
SuSE Security Announcement: openSUSE-SU-2016:0865
Copyright: Copyright (C) 2016 Greenbone Networks GmbH
