CVE-2015-5174
Published 2016-02-25
Priority: P4 · CVSS 3.0: 4.3 (medium) · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 12.55% (95.7th percentile)
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Affected
89 ranges recorded (the page shows 25; their individual version ranges and fixed versions were not captured). The ranges stated in the CVE description itself:
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | 6.x before 6.0.45 | 6.0.45 |
| apache | tomcat | 7.x before 7.0.65 | 7.0.65 |
| apache | tomcat | 8.x before 8.0.27 | 8.0.27 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_apache | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu·2016-07-05·CVSS 4.3
CVE-2015-5174 [MEDIUM] Tomcat vulnerabilities
Title: Tomcat vulnerabilities
Summary: Several security issues were fixed in Tomcat.
It was discovered that Tomcat incorrectly handled pathnames used by web
applications in a getResource, getResourceAsStream, or getResourcePaths
call. A remote attacker could use this issue to possibly list a parent
directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and
Ubuntu 15.10. (CVE-2015-5174)
It was discovered that the Tomcat mapper component incorrectly handled
redirects. A remote attacker could use this issue to determine the
existence of a directory. This issue only affected Ubuntu 12.04 LTS,
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345)
It was discovered that Tomcat incorrectly handled different session
settings when multiple versions of the same web application were
Red Hat
tomcat: URL Normalization issue
vendor_redhat·2016-02-22·CVSS 4.3
CVE-2015-5174 [MEDIUM] tomcat: URL Normalization issue
tomcat: URL Normalization issue
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.
Package: jbossweb (Red Hat
Apache
Apache tomcat: CVE-2015-5174
vendor_apache·CVSS 4.3
CVE-2015-5174 [MEDIUM] Apache tomcat: CVE-2015-5174
Apache tomcat: CVE-2015-5174
This issue only affects users running untrusted web applications under a security manager. When accessing resources via the ServletContext methods getResource() getResourceAsStream() and getResourcePaths() the paths should be limited to the current web application. The validation was not correct and paths of the form "/.." were not rejected. Note that paths starting with "/../" were correctly rejected. This bug allowed malicious web applications running under a security manager to obtain a directory listing for the directory in which the web application had been deployed. This should not be possible when running under a security manager. Typically, the directory listing that would be exposed would be for $CATALINA_BASE/webapps. This was fixed in revisions 16962
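The check described above, as an added example that is not Tomcat's code: a Python model of the normalisation sequence Tomcat's RequestUtil.normalize() is described as performing (collapse "//", resolve "/./", resolve "/../", reject anything that climbs above "/"). The pre-fix variant only recognises a "/../" segment with its trailing slash, so a path ending in "/.." passes through untouched and the filesystem later resolves it to the parent of the web application's docBase. The fixed variant first gives a trailing "/." or "/.." the slash the loops expect; that rendering of the fix, the sample docBase and the use of posixpath.normpath in place of File.getCanonicalPath() are this example's assumptions.

```python
"""Model of the path check behind CVE-2015-5174.

Added example, not Tomcat's code. It follows the normalisation steps that
Tomcat's RequestUtil.normalize() is described as performing: collapse "//",
resolve "/./", resolve "/../" and reject anything that climbs above "/".
The pre-fix variant only recognises a "/../" segment *with* its trailing
slash, so a path that ends in "/.." is passed through untouched and the
filesystem later resolves it to the parent of the web application's docBase,
typically $CATALINA_BASE/webapps. The fixed variant first gives a trailing
"/." or "/.." the slash the loops expect; that detail is an assumption here.
"""
from __future__ import annotations

import posixpath
from typing import Optional

# Constructed sample docBase for the demonstration; not a real deployment.
DOC_BASE = "/opt/tomcat/webapps/myapp"


def normalize_path(path: str, fixed: bool) -> Optional[str]:
    """Return the normalised context-relative path, or None if it escapes."""
    normalized = path.replace("\\", "/")
    if not normalized.startswith("/"):
        normalized = "/" + normalized
    if normalized == "/.":
        return "/"
    if fixed and (normalized.endswith("/.") or normalized.endswith("/..")):
        # The fix: a trailing dot segment gets the "/" the loops below expect,
        # so "/.." becomes "/../" and is caught as an attempt to leave the root.
        normalized += "/"
    while "//" in normalized:
        normalized = normalized.replace("//", "/")
    while "/./" in normalized:
        normalized = normalized.replace("/./", "/", 1)
    while True:
        idx = normalized.find("/../")
        if idx < 0:
            break
        if idx == 0:
            return None  # "/../..." tries to go outside the context: rejected
        prev = normalized.rfind("/", 0, idx)
        normalized = normalized[:prev] + normalized[idx + 3:]
    return normalized


def resolve_resource(doc_base: str, path: str, fixed: bool) -> Optional[str]:
    """Mimic getResource(): normalise, join to the docBase, canonicalise.

    posixpath.normpath stands in for the File.getCanonicalPath() step that
    turns ".../myapp/.." into ".../webapps".
    """
    normalized = normalize_path(path, fixed)
    if normalized is None:
        return None
    return posixpath.normpath(doc_base + normalized)


def escapes_doc_base(doc_base: str, path: str, fixed: bool) -> bool:
    """True when the resolved file lies outside the web application."""
    resolved = resolve_resource(doc_base, path, fixed)
    if resolved is None:
        return False
    return resolved != doc_base and not resolved.startswith(doc_base + "/")


if __name__ == "__main__":
    for candidate in ("/..", "/../WEB-INF/web.xml", "/css/../index.html", "/WEB-INF/."):
        for fixed in (False, True):
            label = "fixed" if fixed else "vulnerable"
            print(f"{label:10} {candidate!r:24} -> "
                  f"{resolve_resource(DOC_BASE, candidate, fixed)!r}  "
                  f"escapes={escapes_doc_base(DOC_BASE, candidate, fixed)}")
```

Running the block prints both variants side by side: "/../WEB-INF/web.xml" is rejected by both, "/css/../index.html" stays inside the context for both, and only the bare "/.." differs, resolving to the parent webapps directory in the vulnerable variant and being rejected in the fixed one. The model stops at path resolution; the directory listing Apache describes is what getResourcePaths() then produces for that parent directory, and it matters only under a security manager, since without one the web application could read that directory anyway.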
GHSA
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
ghsa·2022-05-14
CVE-2015-5174 [MEDIUM] CWE-22 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
OSV
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
osv·2022-05-14
CVE-2015-5174 [MEDIUM] Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
OSV
tomcat6, tomcat7 vulnerabilities
osv·2016-07-05·CVSS 4.3
CVE-2015-5174 [MEDIUM] tomcat6, tomcat7 vulnerabilities
tomcat6, tomcat7 vulnerabilities
It was discovered that Tomcat incorrectly handled pathnames used by web
applications in a getResource, getResourceAsStream, or getResourcePaths
call. A remote attacker could use this issue to possibly list a parent
directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and
Ubuntu 15.10. (CVE-2015-5174)
It was discovered that the Tomcat mapper component incorrectly handled
redirects. A remote attacker could use this issue to determine the
existence of a directory. This issue only affected Ubuntu 12.04 LTS,
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345)
It was discovered that Tomcat incorrectly handled different session
settings when multiple versions of the same web application were deployed. A
remote attacker could possibly use this i
OSV
CVE-2015-5174: Directory traversal vulnerability in RequestUtil
osv·2016-02-24·CVSS 4.3
CVE-2015-5174 [MEDIUM] CVE-2015-5174: Directory traversal vulnerability in RequestUtil
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [epel-6]
bugzilla·2016-02-23·CVSS 4.3
CVE-2015-5174 [MEDIUM] CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [epel-6]
CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedp
Bugzilla
CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [fedora-all]
bugzilla·2016-02-23·CVSS 4.3
CVE-2015-5174 [MEDIUM] CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [fedora-all]
CVE-2015-5174 CVE-2015-5351 CVE-2016-0714 CVE-2016-0706 CVE-2015-5345 CVE-2015-5346 CVE-2016-0763 tomcat: multiple security vulnerabilities [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpk
Bugzilla
CVE-2015-5174 tomcat: URL Normalization issue [jbews-3.0.0]
bugzilla·2015-09-23·CVSS 4.3
CVE-2015-5174 [MEDIUM] CVE-2015-5174 tomcat: URL Normalization issue [jbews-3.0.0]
CVE-2015-5174 tomcat: URL Normalization issue [jbews-3.0.0]
jbews-3.0.0 tracking bug for tomcat: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.
[bug automatically created by: add-tracking-bugs]
Discussion:
David Knox updated the status of jira JWS-240 to Resolved
---
Coty Sutherland updated the status of jira JWS-240 to Resolved
---
Michal Karm Babacek updated the status of jira JWS-240 to Closed
---
Michal Karm Babacek updated the status of jira JWS-240 to Reopened
---
Michal Karm Babacek updated the status of jira JWS-240 to Closed
---
Tim Walsh updated the status of
Bugzilla
CVE-2015-5174 tomcat: URL Normalization issue
bugzilla·2015-09-23·CVSS 4.3
CVE-2015-5174 [MEDIUM] CVE-2015-5174 tomcat: URL Normalization issue
CVE-2015-5174 tomcat: URL Normalization issue
URL Normalisation issue
A directory traversal vulnerability exists in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 that allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Discussion:
Public via:
http://seclists.org/bugtraq/2016/Feb/149
Upstream patches:
Tomcat6:
http://svn.apache.org/viewvc?view=revision&revision=1700900
Tomcat7:
http://svn.apache.org/viewvc?view=revision&revision=1696284
http://svn.apache.org/viewvc?view=revision&revision=17
References
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html
http://rhn.redhat.com/errata/RHSA-2016-1435.html
http://rhn.redhat.com/errata/RHSA-2016-2045.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://seclists.org/bugtraq/2016/Feb/149
http://svn.apache.org/viewvc?view=revision&revision=1696281
http://svn.apache.org/viewvc?view=revision&revision=1696284
http://svn.apache.org/viewvc?view=revision&revision=1700897
http://svn.apache.org/viewvc?view=revision&revision=1700898
http://svn.apache.org/viewvc?view=revision&revision=1700900
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2016/dsa-3530
http://www.debian.org/security/2016/dsa-3552
http://www.debian.org/security/2016/dsa-3609
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/83329
http://www.securitytracker.com/id/1035070
http://www.ubuntu.com/usn/USN-3024-1
https://access.redhat.com/errata/RHSA-2016:1432
https://access.redhat.com/errata/RHSA-2016:1433
https://access.redhat.com/errata/RHSA-2016:1434
https://bto.bluecoat.com/security-advisory/sa118
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E
https://security.gentoo.org/glsa/201705-09
https://security.netapp.com/advisory/ntap-20180531-0001/