Appcanary is shutting down and joining GitHub. You can find out more here.
CVE-2015-5345 tomcat6
Metadata
 Debian
|
|
| medium | |
| 5.0 | |
| tomcat6 | |
| CVE-2015-5345 | |
| 2017-12-29 22:17 | |
ALAS-2016-681
ALAS-2016-680
ALAS-2016-658
CVE-2015-5345 tomcat8
CVE-2015-5345 tomcat7
CVE-2015-5345
|
|
|
2017-06-16 19:15 2017-04-01 19:31 2017-01-05 17:42 |
Description
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
Am I vulnerable?
The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.
Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.
Sign up for monitoringAffected package information |
Release | Package | Patched in |
|---|---|---|
| jessie | tomcat6 |
6.0.41-3
|
| wheezy | tomcat6 |
6.0.45+dfsg-1~deb7u1
|