vulnerability

CentOS: (CVE-2015-5174) CESA-2016:2045: tomcat6

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
2016-02-24
Added
2016-10-21
Modified
2019-05-03

Description

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Solution(s)

centos-upgrade-tomcat6centos-upgrade-tomcat6-admin-webappscentos-upgrade-tomcat6-docs-webappcentos-upgrade-tomcat6-el-2-1-apicentos-upgrade-tomcat6-javadoccentos-upgrade-tomcat6-jsp-2-1-apicentos-upgrade-tomcat6-libcentos-upgrade-tomcat6-servlet-2-5-apicentos-upgrade-tomcat6-webapps
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.