CVE-2015-5345
medium
CVSS v3
5.3
CVSS v2
5.0
VIR risk
5.3
Description
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Predictions
Exploit likelihood
63%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-5345
Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-9.html
Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-8.html
Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-7.html
Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-6.html
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2015-5345.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | 7.0 | affected | |
| debian | 8.0 | affected | |
| ubuntu | 12.04 | affected | |
| ubuntu | 14.04 | affected | |
| ubuntu | 15.10 | affected | |
| ubuntu | 16.04 | affected | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
| debian | trixie | fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.tomcat:tomcat | >=9.0.0.M1,<9.0.0.M2 | 9.0.0.M2 |
| Maven | org.apache.tomcat:tomcat | >=8.0.0-RC1,<8.0.30 | 8.0.30 |
| Maven | org.apache.tomcat:tomcat | >=7.0.0,<7.0.68 | 7.0.68 |
| Maven | org.apache.tomcat:tomcat | >=6.0.0,<6.0.45 | 6.0.45 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | tomcat | 6.0.0 | |
| apache | tomcat | 6.0.1 | |
| apache | tomcat | 6.0.2 | |
| apache | tomcat | 6.0.4 | |
| apache | tomcat | 6.0.10 | |
| apache | tomcat | 6.0.11 | |
| apache | tomcat | 6.0.13 | |
| apache | tomcat | 6.0.14 | |
| apache | tomcat | 6.0.16 | |
| apache | tomcat | 6.0.18 | |
| apache | tomcat | 6.0.20 | |
| apache | tomcat | 6.0.24 | |
| apache | tomcat | 6.0.26 | |
| apache | tomcat | 6.0.28 | |
| apache | tomcat | 6.0.29 | |
| apache | tomcat | 6.0.30 | |
| apache | tomcat | 6.0.32 | |
| apache | tomcat | 6.0.33 | |
| apache | tomcat | 6.0.35 | |
| apache | tomcat | 6.0.36 | |
| apache | tomcat | 6.0.37 | |
| apache | tomcat | 6.0.39 | |
| apache | tomcat | 6.0.41 | |
| apache | tomcat | 6.0.43 | |
| apache | tomcat | 6.0.44 | |
| apache | tomcat | 7.0.0 | |
| apache | tomcat | 7.0.2 | |
| apache | tomcat | 7.0.4 | |
| apache | tomcat | 7.0.5 | |
| apache | tomcat | 7.0.6 | |
| apache | tomcat | 7.0.10 | |
| apache | tomcat | 7.0.11 | |
| apache | tomcat | 7.0.12 | |
| apache | tomcat | 7.0.14 | |
| apache | tomcat | 7.0.16 | |
| apache | tomcat | 7.0.19 | |
| apache | tomcat | 7.0.20 | |
| apache | tomcat | 7.0.21 | |
| apache | tomcat | 7.0.22 | |
| apache | tomcat | 7.0.23 | |
| apache | tomcat | 7.0.25 | |
| apache | tomcat | 7.0.26 | |
| apache | tomcat | 7.0.27 | |
| apache | tomcat | 7.0.28 | |
| apache | tomcat | 7.0.29 | |
| apache | tomcat | 7.0.30 | |
| apache | tomcat | 7.0.32 | |
| apache | tomcat | 7.0.33 | |
| apache | tomcat | 7.0.34 | |
| apache | tomcat | 7.0.35 | |
| apache | tomcat | 7.0.37 | |
| apache | tomcat | 7.0.39 | |
| apache | tomcat | 7.0.40 | |
| apache | tomcat | 7.0.41 | |
| apache | tomcat | 7.0.42 | |
| apache | tomcat | 7.0.47 | |
| apache | tomcat | 7.0.50 | |
| apache | tomcat | 7.0.52 | |
| apache | tomcat | 7.0.53 | |
| apache | tomcat | 7.0.54 | |
| apache | tomcat | 7.0.55 | |
| apache | tomcat | 7.0.56 | |
| apache | tomcat | 7.0.57 | |
| apache | tomcat | 7.0.59 | |
| apache | tomcat | 7.0.61 | |
| apache | tomcat | 7.0.62 | |
| apache | tomcat | 7.0.63 | |
| apache | tomcat | 7.0.64 | |
| apache | tomcat | 7.0.65 | |
| apache | tomcat | 8.0.0 | |
| apache | tomcat | 8.0.1 | |
| apache | tomcat | 8.0.3 | |
| apache | tomcat | 8.0.11 | |
| apache | tomcat | 8.0.12 | |
| apache | tomcat | 8.0.14 | |
| apache | tomcat | 8.0.15 | |
| apache | tomcat | 8.0.17 | |
| apache | tomcat | 8.0.18 | |
| apache | tomcat | 8.0.20 | |
| apache | tomcat | 8.0.21 | |
| apache | tomcat | 8.0.22 | |
| apache | tomcat | 8.0.23 | |
| apache | tomcat | 8.0.24 | |
| apache | tomcat | 8.0.26 | |
| apache | tomcat | 8.0.27 | |
| apache | tomcat | 8.0.28 | |
| apache | tomcat | 8.0.29 | |
| apache | tomcat | 9.0.0 | |
References
- https://www.suse.com/security/cve/CVE-2015-5345.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
- http://marc.info/?l=bugtraq&m=145974991225029&w=2
- http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
- http://rhn.redhat.com/errata/RHSA-2016-1089.html
- http://rhn.redhat.com/errata/RHSA-2016-2045.html
- http://rhn.redhat.com/errata/RHSA-2016-2599.html
- http://seclists.org/bugtraq/2016/Feb/146
- http://seclists.org/fulldisclosure/2016/Feb/122
- http://svn.apache.org/viewvc?view=revision&revision=1715206
- http://svn.apache.org/viewvc?view=revision&revision=1715207
- http://svn.apache.org/viewvc?view=revision&revision=1715213
- http://svn.apache.org/viewvc?view=revision&revision=1715216
- http://svn.apache.org/viewvc?view=revision&revision=1716882
- http://svn.apache.org/viewvc?view=revision&revision=1716894
- http://svn.apache.org/viewvc?view=revision&revision=1717209
- http://svn.apache.org/viewvc?view=revision&revision=1717212
- http://svn.apache.org/viewvc?view=revision&revision=1717216
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-8.html
- http://tomcat.apache.org/security-9.html
CWEs
CWE-22
Verify integrity in audit chain (admin only). AS-IS.