vulnerability
CentOS: (CVE-2015-5174) CESA-2016:2045: tomcat6
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | 2016-02-24 | 2016-10-21 | 2019-05-03 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
2016-02-24
Added
2016-10-21
Modified
2019-05-03
Description
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Solution(s)
centos-upgrade-tomcat6centos-upgrade-tomcat6-admin-webappscentos-upgrade-tomcat6-docs-webappcentos-upgrade-tomcat6-el-2-1-apicentos-upgrade-tomcat6-javadoccentos-upgrade-tomcat6-jsp-2-1-apicentos-upgrade-tomcat6-libcentos-upgrade-tomcat6-servlet-2-5-apicentos-upgrade-tomcat6-webapps
References
- SUSE-SUSE-SU-2016:0769
- SUSE-SUSE-SU-2016:0822
- SUSE-SUSE-SU-2016:0839
- REDHAT-RHSA-2016:1432
- REDHAT-RHSA-2016:1433
- REDHAT-RHSA-2016:1434
- REDHAT-RHSA-2016:1435
- REDHAT-RHSA-2016:2045
- REDHAT-RHSA-2016:2599
- DEBIAN-DLA-435-1
- DEBIAN-DSA-3530
- DEBIAN-DSA-3552
- DEBIAN-DSA-3609
- BID-83329
- SECTRACK-1035070
- UBUNTU-USN-3024-1
- GENTOO-GLSA-201705-09
- NVD-CVE-2015-5174
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.