Vulnerability Details : CVE-2015-5345
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Products affected by CVE-2015-5345
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Threat overview for CVE-2015-5345
Top countries where our scanners detected CVE-2015-5345
Top open port discovered on systems with this issue
80
IPs affected by CVE-2015-5345 104,020
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-5345!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-5345
46.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5345
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2015-5345
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5345
-
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ - Pony Mail
-
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
Pony Mail!
-
http://tomcat.apache.org/security-8.html
Apache Tomcat® - Apache Tomcat 8 vulnerabilitiesVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2045.html
RHSA-2016:2045 - Security Advisory - Red Hat Customer Portal
-
https://bto.bluecoat.com/security-advisory/sa118
SA118 : February 2016 Apache Tomcat Vulnerabilities
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10156
McAfee Security Bulletin: McAfee Web Gateway update fixes multiple vulnerabilities
-
https://access.redhat.com/errata/RHSA-2016:1087
RHSA-2016:1087 - Security Advisory - Red Hat Customer Portal
-
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://rhn.redhat.com/errata/RHSA-2016-2599.html
RHSA-2016:2599 - Security Advisory - Red Hat Customer Portal
-
http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
Apache Tomcat Directory Disclosure ≈ Packet Storm
-
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ - Pony Mail
-
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://www.securityfocus.com/bid/83328
Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
-
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
[security-announce] openSUSE-SU-2016:0865-1: important: Security update
-
http://seclists.org/bugtraq/2016/Feb/146
Bugtraq: [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure
-
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
https://access.redhat.com/errata/RHSA-2016:1088
RHSA-2016:1088 - Security Advisory - Red Hat Customer Portal
-
http://svn.apache.org/viewvc?view=revision&revision=1717209
[Apache-SVN] Revision 1717209
-
http://tomcat.apache.org/security-6.html
Apache Tomcat® - Apache Tomcat 6 vulnerabilitiesVendor Advisory
-
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
Pony Mail!
-
http://tomcat.apache.org/security-7.html
Apache Tomcat® - Apache Tomcat 7 vulnerabilitiesVendor Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
http://www.debian.org/security/2016/dsa-3609
Debian -- Security Information -- DSA-3609-1 tomcat8
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
[security-announce] SUSE-SU-2016:0839-1: important: Security update for
-
http://svn.apache.org/viewvc?view=revision&revision=1717212
[Apache-SVN] Revision 1717212
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Oracle Linux Bulletin - October 2016
-
http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerability.html
HackDefense | CVE-2015-5345 Apache Tomcat information disclosure vulnerability
-
http://seclists.org/fulldisclosure/2016/Feb/122
Full Disclosure: [CVE-2015-5345] Information disclosure vulnerability in Apache Tomcat
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
[security-announce] SUSE-SU-2016:0769-1: important: Security update for
-
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
https://bz.apache.org/bugzilla/show_bug.cgi?id=58765
58765 – Default behavior change in tomcat 8.0.29-30 context root redirect process
-
http://www.ubuntu.com/usn/USN-3024-1
USN-3024-1: Tomcat vulnerabilities | Ubuntu security notices
-
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities
-
https://security.gentoo.org/glsa/201705-09
Apache Tomcat: Multiple vulnerabilities (GLSA 201705-09) — Gentoo security
-
http://svn.apache.org/viewvc?view=revision&revision=1715213
[Apache-SVN] Revision 1715213
-
http://svn.apache.org/viewvc?view=revision&revision=1716894
[Apache-SVN] Revision 1716894
-
http://svn.apache.org/viewvc?view=revision&revision=1715206
[Apache-SVN] Revision 1715206
-
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ - Pony Mail
-
http://svn.apache.org/viewvc?view=revision&revision=1717216
[Apache-SVN] Revision 1717216
-
http://tomcat.apache.org/security-9.html
Apache Tomcat® - Apache Tomcat 9 vulnerabilitiesVendor Advisory
-
http://svn.apache.org/viewvc?view=revision&revision=1715207
[Apache-SVN] Revision 1715207
-
http://www.debian.org/security/2016/dsa-3530
Debian -- Security Information -- DSA-3530-1 tomcat6
-
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
[security-announce] SUSE-SU-2016:0822-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2016-1089.html
Red Hat Customer Portal
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
Sorry
-
http://www.securitytracker.com/id/1035071
Apache Tomcat Flaw Lets Remote Users Determine Valid Directories - SecurityTracker
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018
-
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ - Pony Mail
-
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/ - Pony Mail
-
http://svn.apache.org/viewvc?view=revision&revision=1716882
[Apache-SVN] Revision 1716882
-
http://www.debian.org/security/2016/dsa-3552
Debian -- Security Information -- DSA-3552-1 tomcat7
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities
-
https://security.netapp.com/advisory/ntap-20180531-0001/
February 2016 Apache Tomcat Vulnerabilities in NetApp Products | NetApp Product Security
-
http://svn.apache.org/viewvc?view=revision&revision=1715216
[Apache-SVN] Revision 1715216
-
http://marc.info/?l=bugtraq&m=145974991225029&w=2
'[security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Byp' - MARC
Jump to