CVE-2015-5345 tomcat7

Metadata

medium
5.0
tomcat7
CVE-2015-5345
2017-12-29 22:17
ALAS-2016-681
ALAS-2016-658
ALAS-2016-680
CVE-2015-5345 tomcat6
CVE-2015-5345 tomcat8
CVE-2015-5345
2017-06-18 07:38
2017-06-16 19:15
2017-04-01 19:31
2017-01-05 17:42

Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

Release   Package   Patched in
buster    tomcat7   7.0.68-1
jessie    tomcat7   7.0.56-3+deb8u2
sid       tomcat7   7.0.68-1
stretch   tomcat7   7.0.68-1
wheezy    tomcat7   7.0.28-4+deb7u4