vulnerability
Red Hat: CVE-2015-5174: Moderate: tomcat security, bug fix, and enhancement update ((Multiple Advisories))
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | 2016-02-24 | 2016-10-21 | 2018-01-17 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
2016-02-24
Added
2016-10-21
Modified
2018-01-17
Description
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Solution(s)
redhat-upgrade-tomcatredhat-upgrade-tomcat-admin-webappsredhat-upgrade-tomcat-docs-webappredhat-upgrade-tomcat-el-2-2-apiredhat-upgrade-tomcat-javadocredhat-upgrade-tomcat-jsp-2-2-apiredhat-upgrade-tomcat-jsvcredhat-upgrade-tomcat-libredhat-upgrade-tomcat-servlet-3-0-apiredhat-upgrade-tomcat-webappsredhat-upgrade-tomcat6redhat-upgrade-tomcat6-admin-webappsredhat-upgrade-tomcat6-docs-webappredhat-upgrade-tomcat6-el-2-1-apiredhat-upgrade-tomcat6-javadocredhat-upgrade-tomcat6-jsp-2-1-apiredhat-upgrade-tomcat6-libredhat-upgrade-tomcat6-servlet-2-5-apiredhat-upgrade-tomcat6-webapps
References
- SUSE-SUSE-SU-2016:0769
- SUSE-SUSE-SU-2016:0822
- SUSE-SUSE-SU-2016:0839
- REDHAT-RHSA-2016:1432
- REDHAT-RHSA-2016:1433
- REDHAT-RHSA-2016:1434
- REDHAT-RHSA-2016:1435
- REDHAT-RHSA-2016:2045
- REDHAT-RHSA-2016:2599
- DEBIAN-DLA-435-1
- DEBIAN-DSA-3530
- DEBIAN-DSA-3552
- DEBIAN-DSA-3609
- BID-83329
- SECTRACK-1035070
- UBUNTU-USN-3024-1
- GENTOO-GLSA-201705-09
- NVD-CVE-2015-5174
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.