CVE-2015-5174

Description

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

References

https://security.netapp.com/advisory/ntap-20180531-0001/

https://security.gentoo.org/glsa/201705-09

https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

https://bto.bluecoat.com/security-advisory/sa118

https://access.redhat.com/errata/RHSA-2016:1434

https://access.redhat.com/errata/RHSA-2016:1433

https://access.redhat.com/errata/RHSA-2016:1432

http://www.ubuntu.com/usn/USN-3024-1

http://www.securitytracker.com/id/1035070

http://www.securityfocus.com/bid/83329

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.debian.org/security/2016/dsa-3609

http://www.debian.org/security/2016/dsa-3552

http://www.debian.org/security/2016/dsa-3530

http://tomcat.apache.org/security-8.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-6.html

http://svn.apache.org/viewvc?view=revision&revision=1700900

http://svn.apache.org/viewvc?view=revision&revision=1700898

http://svn.apache.org/viewvc?view=revision&revision=1700897

http://svn.apache.org/viewvc?view=revision&revision=1696284

http://svn.apache.org/viewvc?view=revision&revision=1696281

http://seclists.org/bugtraq/2016/Feb/149

http://rhn.redhat.com/errata/RHSA-2016-2599.html

http://rhn.redhat.com/errata/RHSA-2016-2045.html

http://rhn.redhat.com/errata/RHSA-2016-1435.html

http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html

http://marc.info/?l=bugtraq&m=145974991225029&w=2

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3